Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 901435482e2d13ea…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a4ee81fd037bba5986a2b2e53d9a10cf
SHA-1: 19215e0e83b6f22914e8e82c54cbfdc85749ce0b
SHA-256: 901435482e2d13ea3f08d7529c496b0a8111a42654f7da2fb90ff94249cee005
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting a Qbot family dropper. The primary attack vector is likely social engineering to enable macros, leading to the execution of malicious code. The heuristic firing indicates the file's purpose is to drop or execute other malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0