Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f2388c8354b23348…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 77eafacc241caca4a5aa48b42ee32356
SHA-1: 427cbfb485366c712866feb0e275aa41777e237e
SHA-256: f2388c8354b233483cf728b56f943435c2d080667d32c9eb31ec7717d1ff857d
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic identifies this XLSX file as a dropper for Qbot malware. Qbot is known for its capabilities in downloading and executing further malicious stages, often through phishing lures. The file's metadata and detection signature strongly indicate its malicious intent as a Qbot distribution vector.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0