Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3cfb3a9100aa9829…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 62512de2dd2c8ccf1d7aa5fefb4ca1e7
SHA-1: 4f9e8cc5c7b75235af0ff12fa973ba174e072de9
SHA-256: 3cfb3a9100aa982909d100093352077bb491c5669ad631939e56bec9e3174194
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of malware is typically delivered via malicious Office documents, often using social engineering to trick users into enabling macros or opening malicious content. The primary function is to download and execute a secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0