Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9002131ec8bc6482…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d1915f7a361a0a9986a0271113d6bfb0
SHA-1: 736e9c753c36838a93861031832b8e038ccebf6e
SHA-256: 9002131ec8bc648271b36e6d7400574333b84ff44e9e456a36818acd6d302a5e
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot malware family. The primary attack vector is likely social engineering to trick the user into enabling macros, which would then execute malicious code to download and run a further stage. The heuristic firing indicates a high likelihood of malicious intent.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0