Qbot Office (OOXML) / .XLSX malware analysis — malicious · 29f5ef2ec0895726

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: d3f34f5d804472cf6a2fadf31d364a56 SHA-1: b86110bc489e609b72ffc53fac6eabb3535141bb SHA-256: 29f5ef2ec089572687e08b488838ef93d5ac5d6f785bdeeab76797d0c6f0bcd9

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of malware typically uses malicious Office documents to trick users into enabling macros, which then download and execute the main Qbot payload. The heuristic firing directly points to its function as a dropper for the Qbot family.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.