Qbot Office (OOXML) / .XLSX malware analysis — malicious · f128dba97fa902d2

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 36bf62b564af925d5f7c1619aa53c4c5 SHA-1: aaa161e740872118cbb026276183d82f1f066dc8 SHA-256: f128dba97fa902d257ef77bdb66e7b415161225f05edcdbed24a6c477006debd

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for Qbot malware. The detection suggests the file is designed to execute malicious code, likely through macro execution or exploiting vulnerabilities within the Excel application to download and install further malicious payloads.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.