Qbot Office (OOXML) / .XLSX malware analysis — malicious · eccc79431462d9b0

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 37d1b2d058ecd817da626f29dd4b8974 SHA-1: 9b553bfed5f597fbd7fc9db8070a4ee2cba65f24 SHA-256: eccc79431462d9b09dce792e03914356ba6c66895f07e0b54fb1f83f8fc67436

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic identifies this XLSX file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot downloader. Qbot is known for its ability to download and execute further malicious stages, often involving credential theft and lateral movement within a network.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.