Qbot Office (OOXML) / .XLSX malware analysis — malicious · 3a686394d4658403

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: d1d44bd9c435320dd0c2c0889cdf5d6d SHA-1: d4c1fb46fb7ed4a527c7351c44acbea940ac68f6 SHA-256: 3a686394d4658403ef031aed3271c6589d8b1a602f335ba96a277225f06840a1

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses macros to download and execute the main Qbot payload. The heuristic firing directly points to the malware family and its dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.