Qbot Office (OOXML) / .XLSX malware analysis — malicious · 55ba1664f3e4f083

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 946b15b3f53a6955c467982daf808073 SHA-1: ef77c1a48ff7b801c306592bca8644307cd9775a SHA-256: 55ba1664f3e4f083c5ab6350e953c9eabb3608cdb647aca87f2d387a501077a1

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. This type of malware typically uses social engineering within documents to trick users into enabling macros, which then download and execute the main Qbot payload. The detection name itself suggests a malicious document designed for payload delivery.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.