Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3e2dfd226b869ad4…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8b475c822e3364dc2033edf77ff77d9d
SHA-1: d4119af46c2184f425d23965b4e6e64018e7ae2d
SHA-256: 3e2dfd226b869ad4570b32a8e86d9d3c3b5f42b1ce02c3a79ab2b4908863a80a
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop further malicious content. As an Excel file, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious payload. The primary technique observed is the use of a malicious macro-enabled document to initiate the attack chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0