Qbot Office (OOXML) / .XLSX malware analysis — malicious · 4e1822cfd22c19c2

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 673e39245fe074866f1db8ebd730fbc4 SHA-1: e55e6db4a62fc73a8f24d4afe48adcd6420ab0c0 SHA-256: 4e1822cfd22c19c25b5a7270c6ec2258453bcf97f2df9d07da22d2aa73a48c02

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. This type of document typically relies on social engineering to trick users into enabling macros, which then execute the malicious payload. The primary attack vector is likely spearphishing attachment, leading to user execution of the dropped malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.