Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f67f38b3f8871cb5…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 569ba6787b6a95a5968c0277e4a3bab4
SHA-1: e0cf882acc4845cee3923515be073e7f6edad69a
SHA-256: f67f38b3f8871cb59da1d143a298625d799b6742dcddbbe08e57219dbf4cf999
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot malware family. While no specific VBA scripts or document body content were provided for analysis, the heuristic detection indicates the file's primary purpose is to download and execute a malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0