Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3d4fe99096f19e0e…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2bc5884945c2f3d85ffe50ebef5c3b88
SHA-1: 7e8ada09343c3ec0c61a7fa34c38a611e647f6ef
SHA-256: 3d4fe99096f19e0e9c31615e37dafdc84bee08c0d96fddffcc9c225824e0a01c
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. As an Excel document, it likely uses macro execution to download and run the secondary Qbot payload. The primary attack vector is likely a spearphishing attachment, leading to malicious file execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0