Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 772b4e23b898aa0d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c0bf7df21d914ec7e7fd6b8a729a9e23
SHA-1: 89ca162e93f2a07996e76f1530a1735f52a09cab
SHA-256: 772b4e23b898aa0dd6bc8033cb006b857d3ef55ac92f1e2c6346685dccce57e5
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. The document's metadata indicates it was authored by Microsoft Excel, and its size and type are consistent with macro-enabled malicious documents. The primary attack pattern involves tricking a user into opening the document, which then likely executes a malicious macro to download and install the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0