Qbot Office (OOXML) / .XLSX malware analysis — malicious · 25462a5462c40e3e

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 9351c6338310f0f67cdcd470a7d68ed9 SHA-1: 361f9776d80938d073ac4574cb353bbb539d201e SHA-256: 25462a5462c40e3ee445cd80c8536e049925277a9ead1389234364116695fa70

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. This type of document typically uses social engineering to trick the user into enabling macros, which then download and execute the Qbot malware. Further analysis would be required to confirm the exact delivery mechanism and payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.