Qbot Office (OOXML) / .XLSX malware analysis — malicious · f4891c251cc4e9ed

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 416e3484e9c73b2cd8f56dbfb4b0c030 SHA-1: cdc8a4f5ed435003d4dfd3e2d7a4c4cf33246e71 SHA-256: f4891c251cc4e9ed071b67dd044ac1cb5478d254b0673de8e4f87328e9422cac

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel spreadsheet. The critical ClamAV heuristic firing, 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggests this file is a Qbot dropper. The file's purpose is to deliver a secondary malicious payload, characteristic of Qbot distribution methods.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.