Qbot Office (OOXML) / .XLSX malware analysis — malicious · 92bfba62a5e539fd

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f8b034c0c7bcbc44c91b3308bb8ed8b3 SHA-1: 8cf9f90e7a8abb7170d0032603f6f8f7c34484d2 SHA-256: 92bfba62a5e539fd7b23945d2017e2b8a647777f402781324c2c0f6009f3f708

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting a Qbot family infection. The nature of dropper malware in Office documents typically involves social engineering to trick users into enabling macros, which then execute malicious code to download and run a further stage. This aligns with the common attack pattern for Qbot.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.