Qbot Office (OOXML) / .XLSX malware analysis — malicious · 3fab24a7a7c13a5c

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 9a876cd86a7181008a6af3308e1a2915 SHA-1: c97c1bf5d49f17fcea48a131c8f1e3fcc371f311 SHA-256: 3fab24a7a7c13a5cb3010d6d4b9088357aad977e279b20d9c2d00e09ee7074ee

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. This type of malicious document typically relies on social engineering to trick users into enabling macros, which then execute the payload. The primary attack vector is likely spearphishing attachment, leading to the execution of a Qbot variant.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.