Qbot Office (OOXML) / .XLSX malware analysis — malicious · f105c95116d5f57a

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 28a47e042d8b952d4e6099eac8798c83 SHA-1: 21f9025f703e299748e9de4bc9cc07b1e3a49923 SHA-256: f105c95116d5f57ade4c72d5ebb3639760f47d8fcf4c643725c5d73196fd0b87

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to deliver a secondary payload. As an Excel macro-enabled document, it likely exploits user interaction to execute malicious code. The primary attack vector is likely spearphishing attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.