Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 892db20f00c9f3da…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c3addb21cd7a4299cebef7f77cb6fd3e
SHA-1: 7fde5daca79facc7c192817a6146401c1d6280be
SHA-256: 892db20f00c9f3daa69b69372b077b6eeef24906aef177bb59d45206ce16eabc
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel spreadsheet. This type of file typically relies on social engineering to trick users into enabling macros, which then download and execute the Qbot malware. Further analysis would be required to identify specific delivery URLs or dropped files.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0