Qbot Office (OOXML) / .XLSX malware analysis — malicious · 86edcbc4f6c6223d

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f23320a904e300b665b47fe4a943fa01 SHA-1: 270ad953aab30715b3470c131bab549fa92ca256 SHA-256: 86edcbc4f6c6223d1ab45365cb7ee18b7176a930e0e2aaaca59efe6ba3631de6

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. The primary attack vector is likely spearphishing attachment, leading to user execution of the dropped malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.