Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fb5e306f5322d99a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e46b0a5ada3dd4e64b2a34d1acb2bf60
SHA-1: 7fcd7955cc4e548ebe64ce2635d3d53111f71073
SHA-256: fb5e306f5322d99a88101269587a7467106eb5bd71b3ccab75aae7967635deab
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as an Excel spreadsheet with a critical ClamAV detection signature indicating it is a Qbot dropper. The presence of this signature strongly suggests the file's purpose is to download and execute the Qbot malware. Further analysis would be required to identify specific delivery mechanisms or IOCs.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0