Qbot Office (OOXML) / .XLSX malware analysis — malicious · ed4602fc79dcf65f

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 2bdf919abe8d8ca84a836d62193e3b93 SHA-1: d60ccaafe0ef6f226c05e3b0bbc7b32cbc34b828 SHA-256: ed4602fc79dcf65fec109d57145403a38b274cc0fb94786f5e5adbc92413199d

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. As an Excel file, it likely uses macro execution or an embedded exploit to deliver the Qbot malware. Further analysis would be needed to confirm the exact delivery mechanism.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.