Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 300ce30e2231d545…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 88d99f21399b823152e8e31fe3195da0
SHA-1: 38674b38075245f4a9079042d5fbdad31b2e716e
SHA-256: 300ce30e2231d545162aa19540de7250e4b889c676672cc6d02f9395c350466d
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to deliver the initial payload. The document's purpose is to download and execute a secondary-stage malicious file.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0