Qbot Office (OOXML) / .XLSX malware analysis — malicious · 7aac34adddd64e92

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: d132ac72db93bf6c64e9845aa0e0bc0a SHA-1: 67124c275532d494241b4588ef0f065d58c28613 SHA-256: 7aac34adddd64e920f33605056a0e7f7decaa59b0bda067d0c2457dff12b4fbe

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot dropper. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. The primary function is to download and run the next stage of the Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.