Qbot Office (OOXML) / .XLSX malware analysis — malicious · 365e8c22d60d7d02

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 6fac6efab670178e404a4b2f92bb21a1 SHA-1: fffc88cb1ca882f306384666ddbc1fc92d6b8a43 SHA-256: 365e8c22d60d7d0215051bb3670629b68ae47bdef2e42da8e66ea4fbaa27a1a6

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious Code

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. Such documents typically rely on social engineering to trick users into enabling macros, which then execute malicious code to download and run the Qbot malware. The primary attack vector is likely spearphishing attachment, leading to macro execution and payload delivery.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.