Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 552e682124a31f60…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 60f486b7f8ec9c449a97537f0e4a3fed
SHA-1: fd34e3afb258b5b4b94280533b99642a949b6528
SHA-256: 552e682124a31f606e6039f7001a6932512be7a33b5a43bc799d14c2d69fabea
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. Such documents typically rely on social engineering to trick users into enabling macros, which then execute to download and install the Qbot malware. No specific IOCs were extracted from this sample.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0