Qbot Office (OOXML) / .XLSX malware analysis — malicious · 1e2f51d9b344e385

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7619374a34e7a5a7d3a6e7e9957fadad SHA-1: f35864c8882c0feac6f37ff1d05d1bf8c9ad8a03 SHA-256: 1e2f51d9b344e385e213ea21522e7bf2c0b508d913d426d3d682494f54b2a318

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop additional malware. As an Excel file, it likely relies on social engineering to trick the user into enabling macros, which would then execute malicious code. The primary technique observed is the use of a malicious macro within a document.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.