Qbot Office (OOXML) / .XLSX malware analysis — malicious · fbcc112012632698

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 28409815aad18897a9b4ced6f5aeaf2e SHA-1: 1fd2907ad77e43cde30287df3133a6954bace010 SHA-256: fbcc112012632698b64a8527c793af35aaae3172066714d65f5def508307367b

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as a Qbot dropper, indicating its purpose is to deliver further malware. The detection signature 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests Qbot family attribution and a dropper functionality. This points to an attack pattern involving spearphishing attachments designed to initiate a multi-stage infection.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.