Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3d44e144e240c56e…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 52c9ad0cfac5a178e12b1ac4ef9a96b9
SHA-1: 9a8d6cf5e0d2431bc4eb3b58aba70b0154bb670b
SHA-256: 3d44e144e240c56e3f9c4dd49f08600e9063b1ebbc59aa8cd6e82778f40c8f60
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This indicates the Excel file likely contains malicious macros or embedded objects intended to download and execute the Qbot malware. The primary attack vector is likely spearphishing, leveraging the document's macro capabilities to initiate the infection chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0