Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2686cf2e9e754a2d

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 05ccddaef5f8a34ce19ebd632e2c0e44 SHA-1: d3390a0815cdc082a0b6c58294e71708d186a46e SHA-256: 2686cf2e9e754a2d5055ac811931eababbf05a8033ac8c7ff372b38260cd4aed

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses macros to download and execute the main Qbot payload. The presence of this specific ClamAV signature provides high confidence in the Qbot family attribution and its dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.