Qbot Office (OOXML) / .XLSX malware analysis — malicious · 3600d157f7cc77ae

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e277662b89ac2c1f306a73b8d700a90b SHA-1: 23da3dc68852ec0c98f66e04b23dfe29394c7cf3 SHA-256: 3600d157f7cc77ae7eaa38c561a58004b0c8e2a22e81be0ec011384ee820f6b5

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating Qbot malware. As a dropper, its primary function is to download and execute a secondary payload. The file's structure and heuristic firing suggest it's intended to lure the user into enabling macros or exploiting a vulnerability to initiate the malicious chain.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.