Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fdc965bc53bb55c3…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ddd97ba8c2410535891cc2b1cda6c83a
SHA-1: b329e3631848c461908d95aaf9338bc8e5a34f59
SHA-256: fdc965bc53bb55c3e83b098b927ac0121f1be325dfd221eb02be33d7ae03477f
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary function of such documents is to execute malicious code, typically via macros, to download and run the Qbot malware. This aligns with the typical attack pattern of spearphishing attachments used to deliver malware.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0