Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 37b3d5b63f14ad2d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 44f5f3583773434efbdfd8c1a370cf47
SHA-1: a75d18ba3afe0e87434435ac52199075be3ec5e1
SHA-256: 37b3d5b63f14ad2d5aa0c6cd1698665fa9ebe96c5974b846da9710c5c79f4aea
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a dropper for the Qbot malware family. The detection name suggests delivery via an Excel document, likely using social engineering to trick the user into enabling macros, which then execute the malicious payload. The primary function is to download and execute second-stage malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0