Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f84b056adfa534cb…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4a6a4737a074ff57079e87866335747c
SHA-1: 7efacd767dd76ec9a96b1fde13c75de06f33f61e
SHA-256: f84b056adfa534cb63ee2d101d536c0109a4445263d3742795399b1373a4488a
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. The heuristic indicates the file is designed to execute malicious code, likely via macros, to download and install the Qbot malware. The primary attack vector is spearphishing attachment, leading to macro execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0