Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 808c71a52dfa0df8…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2d36cfdace514ccc8a1932f6c7b327c3
SHA-1: a02256d45ecad602477232af91cb3ec21d26f290
SHA-256: 808c71a52dfa0df821b6ca46311ccf61da7e1cfd4b4877397da17bd5ef47e219
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating that it functions as a dropper for the Qbot malware family. This type of malicious document typically relies on social engineering to trick the user into enabling macros, which then execute the payload. Its primary function is to download and execute secondary-stage malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0