Qbot Office (OOXML) / .XLSX malware analysis — malicious · 55c0e3b765911013

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: b12651bb044f4c07f2f6832bcd53fd54 SHA-1: 7894178b22a92839efd688e072c139c4785578da SHA-256: 55c0e3b7659110139cca5c6cce1bc916dd05cbea2161366b90b5bf388cc542fd

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious Code

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. This type of document typically relies on social engineering to trick users into enabling macros, which then execute malicious code to download and run the Qbot malware. The primary attack vector is likely spearphishing attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.