Qbot Office (OOXML) / .XLSX malware analysis — malicious · ed2c67f865847809

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 2ae7b5104a21f6fd4049c1a1813b7c21 SHA-1: b7202336d68d7c01fdfe632d024484c06eede76e SHA-256: ed2c67f865847809b1f30ad803440c6ef1b12fbb67ca8050d63546a09ccd6f66

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting a Qbot family infection. The detection name implies it functions as a dropper, likely intended to download and execute a secondary payload upon user interaction, such as enabling macros.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.