Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2f6a8e452816b209…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 01b9fc0b1615fc0e1cb869507f3473ac
SHA-1: 9a7d779298245da32785990930255fc5eac79f40
SHA-256: 2f6a8e452816b209769e707701b57b3fc829f513462b396871f406a8a74ffa63
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a Qbot dropper. This type of file typically uses macros to download and execute the main Qbot payload and is often delivered as a spearphishing attachment. The heuristic that fired points directly to the malware family and its dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0