Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2c4995f63e695ba7…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: fffd165d09c804c6a0be14e4c687c19a
SHA-1: 62f2e3066fab400f73774743bf9b4ec467999d6a
SHA-256: 2c4995f63e695ba7c60b2c5f55380642e8e348acbf856bd0fef9fe81c725fcc5
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop additional malware. As an Excel document, it likely employs social engineering to trick users into enabling macros, which would then execute the malicious payload. The primary technique observed is the use of a malicious document to initiate the attack chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0