Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8ca8229ed95ae102…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: fa2f9ce33d011cd3236c3ee1ca083e46
SHA-1: af912f270f809809c997747d1b0c5953c4d8691c
SHA-256: 8ca8229ed95ae1029560396c103a18e21a1043b966828d665724699c99d5bc38
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. As an Excel file, it likely uses macro execution or exploits to deliver the Qbot payload. The primary attack pattern involves tricking the user into opening the malicious spreadsheet, leading to the execution of the malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0