Qbot Office (OOXML) / .XLSX malware analysis — malicious · 20b2c828e40245d4

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: c4088b31bb889aa899b6ee6eb45f735c SHA-1: aa4e06c120ae9eadb09e03ed896f94700ce18647 SHA-256: 20b2c828e40245d49b0fcd2953ba2746e9fd8c643609a46ba66336754bc47f84

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically relies on social engineering to trick users into opening it, leading to the execution of the malicious payload. The primary function is to download and execute the Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.