Qbot Office (OOXML) / .XLSX malware analysis — malicious · 446ce9f90ddb306b

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 2ac17682c7e15afa357534113fa37e6b SHA-1: 01f6ba6b6e8721759ca524ff4d270cade716e57a SHA-256: 446ce9f90ddb306b7380bf779415944c0be10cc94c817dfc9d2742936d620fa9

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel document. This type of document typically relies on social engineering to trick users into enabling macros, which then download and execute the Qbot malware. The primary attack vector is likely spearphishing.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.