Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fb147a322d93d85b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 272e4ad975d2283ceb1b4711436d468a
SHA-1: 2c80c3fcc498f27de4f6053da248a4126ad816d2
SHA-256: fb147a322d93d85b148c599f798d3593b9f98a691cb52fcbf2e14c0ee70fe47b
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this Excel file is a Qbot dropper. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. The file's metadata indicates it is an older Excel file, which is a common format for macro-based malware.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0