Qbot Office (OOXML) / .XLSX malware analysis — malicious · 24608f37b51b5d00

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 4b2c6d5ac66fb8ba78df1ad0af297074 SHA-1: cacaf243dd576867e5a95c3e1172b203133667ab SHA-256: 24608f37b51b5d00caa5341d798eec9a9e3595dd31a077bb866d2eac7bf01d71

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Such documents typically leverage macros to download and execute the main Qbot payload. The presence of the Qbot signature suggests a high likelihood of malicious intent and execution of a secondary stage.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.