Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f04bcfa3f4043527…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8470ae20a451bf98e55cdcec166415b2
SHA-1: f7565af1d024f5d2d9aa72a20ef99d43fca58d5a
SHA-256: f04bcfa3f40435276c7c5cb81411d068d18278f7a27a4c134b40f6407e70266b
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a Qbot dropper. The primary attack pattern is a spearphishing attachment: the user is tricked into opening the malicious Excel file, whose purpose is to download and execute the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0