Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1ddaf604ea346d86…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 43e522b40fc261be283fddee53bd717c
SHA-1: bf7501694730b6ef5aa57581286952ab08b01003
SHA-256: 1ddaf604ea346d8647b95f0322bfc1d1009fd96d2f1ab0a49aae0c5c1c1200f6
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it belongs to the Qbot family. As an Excel document, it likely relies on social engineering to trick users into enabling macros, which would then execute malicious code. That code is expected to download and run a secondary payload, consistent with Qbot's typical behavior.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0