Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 7e5a0ffb56e83ad8…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 346fa2d297aaaf1e6be0acddc1f1b1ea
SHA-1: d77db34cf3d54f6d9d60ed2f4a744f3dcc0365cf
SHA-256: 7e5a0ffb56e83ad8415294f932956fb95b2f1f2a3054d9ccf90e0a33afed8c3d
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. The primary function of such documents is to trick the user into enabling macros, which then execute malicious code to download and run the Qbot malware. The SHA256 hash is included as a primary identifier for this specific sample.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0