Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4b12d67684a8513d…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b00346c6853cee3d477000d996b4253d
SHA-1: 6e56cf8d8ea8906867962f09f9fe5d4c26208bb2
SHA-256: 4b12d67684a8513dc0ee8873a8d3c84b60d816e26cb5d424737cae9652d97273
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant. Such documents typically rely on social engineering to trick users into enabling macros, which then download and execute additional malicious components. The primary technique observed is spearphishing attachment, leading to macro execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0