Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f66393a33518c825…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8dde879d497a18f0703f9ae8439d03b6
SHA-1: 0ebc0f87a1c1ceb9856d14f89bf35a123d2b6e5f
SHA-256: f66393a33518c82527a12a04ddd4d0666e67bfefd0d8ee716dbfef79a7d15453
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet that ClamAV detects as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates it functions as a Qbot dropper. The primary attack pattern is to lure a user into opening the malicious spreadsheet, which then executes a payload. No specific script content was provided for analysis; the inference that the file executes malicious code comes from the detection name.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0