Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2b932c3b65130ffd

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0977ad62b38d516cb1403c4329e6f3a1 SHA-1: 477e2001b530eb83f68f8d4386b3b583901501ca SHA-256: 2b932c3b65130ffd9c67b7e1d509e655c324d6d830019d612dfbf7da5b6d34a7

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses social engineering to trick the user into enabling macros, which then execute malicious code to download and run the Qbot malware. The primary attack vector is likely spearphishing attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.