Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8f2a27aa2ed35ec3…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4d401e005da61cd40d6ff9da6e35287e
SHA-1: c7ddfa1c06b5a5eb489def7b3093ba3871cb9070
SHA-256: 8f2a27aa2ed35ec3af1db0916b373e4db67271466da6a7e6c5a4caff16983cd3
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 User Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically relies on social engineering to trick users into opening it and enabling macros, which then download and execute the main Qbot payload. The high confidence is based on the specific ClamAV detection name.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0