Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2bacbe78f51fd21d…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 29d46e0f96f62eef3c219ca4f0e33b93
SHA-1: 525c19a3b972434206eec054d2f478edc929cae7
SHA-256: 2bacbe78f51fd21da5e76462a887899a234ae8735668acd39a1c98edcbfb5779
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. Files of this type typically use social engineering within the document to trick the user into enabling macros, which then execute to download and install the Qbot malware. The detection name itself suggests dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0