Qbot Office (OOXML) / .XLSX malware analysis — malicious · 492c442b04d77837

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0a0b0e65518149bdb87daf731b3b0900 SHA-1: 68f963b843a7615c5a19b2efb6a05245ebd640dc SHA-256: 492c442b04d778371638b7baf779518c4ae9d8c9cdca07ce572cce92c380dfe5

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. The primary function is to download and run the next stage of the Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.