Qbot Office (OOXML) / .XLSX malware analysis — malicious · 3a555c59a5a313f3

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 48a20c09fe039ea89c4ea351c9e43cd6 SHA-1: e898c846360711155dc09016e531f08ee5626d16 SHA-256: 3a555c59a5a313f34710deb98d71f8e11024c4f305f2eb75ce6ebdc0ee350293

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses malicious macros to download and execute the Qbot malware. The presence of this specific ClamAV signature provides high confidence in the Qbot family attribution and its dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.