Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 320736d2017e15d4…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 417309086e2fd12cdb1724e8f416e50d
SHA-1: 54e5a4d50a5200594067f648e4f3b478a119c5aa
SHA-256: 320736d2017e15d463b2d5f148d7b3f0b58fdfe5de8a918d2942c31a4238e803
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: User Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. The primary technique observed is the use of a malicious document to deliver a secondary stage payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0