Qbot Office (OOXML) / .XLSX malware analysis — malicious · fb6c324b05041241

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0bd48e89cbd941e89b64d4c52b7a6766 SHA-1: 481ec2727a1fe9d43fffeab259aac51dcc765c5f SHA-256: fb6c324b05041241c2b62c2a471c0be5e15597aa0c0af367a17211cf137e9b7f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic explicitly identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot dropper. This type of file is typically delivered via spearphishing attachments to initiate a multi-stage infection process.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.