Qbot Office (OOXML) / .XLSX malware analysis — malicious · 55e68402b111ba6e

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: dc85e5ca1d7400963573128d5920dd2d SHA-1: 1529a23ea5774b97624c860002eb4973978fb81a SHA-256: 55e68402b111ba6e7cd0607837b8b469cfe431a80018ee85d2ddf4fadc24f2b1

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute malicious code. The primary function is to download and execute a secondary payload, consistent with Qbot's known behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.