Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2a20b7f8e07c800f…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f04f9ed1ff2b37fa2639af8fb8e75240
SHA-1: a6bf3a1074066c4bd7566c3b42aafbc5d725bd2f
SHA-256: 2a20b7f8e07c800f4b94931c3da4280477164475b3e0e3f0bbdc27e169eeecd2
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. As an Excel document, it likely employs social engineering to trick the user into enabling macros, which then execute the malicious payload. The primary function is to download and execute a secondary-stage malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0