Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 320c8e7f17684d32…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 73c5be5fad4ce9e6335ded3dc7d90ff6
SHA-1: 8efa082bb8ebd102522608a950b16badd3529570
SHA-256: 320c8e7f17684d320351daf6f2f5efa94d649f4a1e2b44ce6935a2dbeaa4dd6f
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious File Execution
T1566 Phishing

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a dropper for the Qbot malware family. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. The primary function is to download and run a second-stage infection.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0