Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 287a7d19bb9ec238…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 68d768ad6e0058b04fd49e8e1875775a
SHA-1: 865acaa652e77188610cf7684aaea923afb971eb
SHA-256: 287a7d19bb9ec238380472bbc68f6817cb79596378ac56b25d4185d59ee26c9a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The detection name suggests it is designed to deliver a malicious payload, likely through macro execution or exploitation of document vulnerabilities. The primary attack pattern involves luring the user into opening the malicious Excel file, which then executes the embedded malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0