Qbot Office (OOXML) / .XLSX malware analysis — malicious · 25bd421c264168fa

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 5a17cfdc2b276c1d925a9a53204f7666 SHA-1: 66dec12e9e1bdbea0826d734fcde5957608c6ac4 SHA-256: 25bd421c264168fa705607dd49f504d8e4c0d9bad63901816d2f82c91dba870e

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Such documents typically rely on social engineering to trick users into enabling macros, which then execute the malicious payload. The primary attack vector is likely spearphishing, leading to user execution of the dropped malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.