Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f4de9d6bbc99ac1a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8968e9cf48d99cec6b900b2f29a8e5b7
SHA-1: 763e1e6506d8c2703d4544377379be9050429815
SHA-256: f4de9d6bbc99ac1aaf9b1a5e5d858d4669fd4f509bf41a490b83b365e51b8cf3
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses social engineering to trick users into enabling macros, which then download and execute the Qbot malware. No further IOCs were extracted from this sample.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0