Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2295d10e0e6ab865

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 133cac26d4fdac0ffd95be656bcf2c0c SHA-1: 75cba1b0e277bbdfe1dc7da99805d9ea2352831b SHA-256: 2295d10e0e6ab86568dbee8c247c89c42be220bf8f7aea6a3f6689eb530bbd3a

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses social engineering to trick the user into enabling macros, which then download and execute the Qbot malware. The primary attack vector is likely spearphishing attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.