Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2f2bc7ba57d551dc…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a53a2ce3dd915731b5c6f50e213c7f32
SHA-1: f6e6773ec8cfd191adaa06a4665c87b0f0d1798c
SHA-256: 2f2bc7ba57d551dce4b8267b8dc2529f98e7afc5c3a58ddcd8a47c608c4d7764
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. This type of malicious document typically relies on social engineering to trick users into enabling macros, which then execute to download and run the main Qbot payload. The detection name itself suggests the primary attack pattern involves delivering a Qbot variant via an Excel document.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0