Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8c7f726e4f8c1268

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: db1eb3b57f06a00ce31dc672cc581b83 SHA-1: 782e9a3f98490b44a612677c26266696e8159c00 SHA-256: 8c7f726e4f8c126844a1893e25cc7ea619ce488cc217d04fef85d60da813caf8

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. This type of malware typically uses social engineering within documents to trick users into enabling macros, which then download and execute the main Qbot payload. The presence of macro-related heuristics further supports this attack vector.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.