Qbot Office (OOXML) / .XLSX malware analysis — malicious · f08fee7fe8f63a8a

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 1d990434abbd84dbcb0c8a5b51e9e544 SHA-1: 489ca094498b98f5a95c523acb2f55c7ac38bd86 SHA-256: f08fee7fe8f63a8ab0cb49711abbf982c6b65bf5029c9492691efe135fccc525

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot dropper. This type of malware is typically delivered via spearphishing attachments to download and execute further stages of the attack. No specific IOCs were extracted from the static analysis.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.