Qbot Office (OOXML) / .XLSX malware analysis — malicious · 32325050e94cfca3

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 5210134d04c887482ed9c5b513dc8f44 SHA-1: 6976b67eac7d8680c6c1d3ea211e5f24d3e974d3 SHA-256: 32325050e94cfca373f5d3153066728a346015fd1025470610b94417f670280f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious Code

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. This type of malicious document typically relies on social engineering to trick users into enabling macros, which then execute the malicious payload. The primary attack vector is likely spearphishing, with the embedded macro responsible for downloading and running the secondary stage.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.