Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 eea796b8467fcea1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e495bf9f83c30d227f90ca118a168199
SHA-1: f8a30096476daf98e5d4f9f9d8da5df2bdb5a233
SHA-256: eea796b8467fcea1935b22c4cedd0dfa710d4c2af087708e2c110475a0fe081d
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary attack pattern involves spearphishing attachments to deliver the Qbot malware. No document body or scripts were extracted, but the ClamAV signature is highly indicative of the malware's purpose.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0