Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f4eedd39cec3b476…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: adc3e7f866e557e92ad77f715b936c3c
SHA-1: a35078fe2d401986dd36631b8f2dfed6bd956969
SHA-256: f4eedd39cec3b476847b040cc1f0fa08385acdfd211c6bffeb50c97c346a7186
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel spreadsheet. The primary attack pattern is likely spearphishing, where the user is tricked into opening the malicious attachment. Further analysis would be needed to confirm the exact delivery mechanism and payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0