Qbot Office (OOXML) / .XLSX malware analysis — malicious · fb04e49b9a90fcd0

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 45998c10b2db72a397925cfa3b36d5fa SHA-1: 8230d4e609899fef73dd989fa6026f6882e1eea6 SHA-256: fb04e49b9a90fcd0336f252e4e71634f110e67c7673bc1640b61971c1b1e74a0

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install the Qbot payload. This aligns with common phishing tactics where malicious documents are delivered as attachments.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.