Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 92c3374da29389c2…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ce209995eeb71dd38e957b745931d492
SHA-1: e4f6103b89bb66bc619ee7ffddfe9e929929f10d
SHA-256: 92c3374da29389c26ce97c592db3b07d913b1cb38c691b0b3df219f6dddb988d
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. This type of file is typically used to lure users into enabling macros, which then download and execute the Qbot malware. Further analysis would be required to confirm the exact delivery mechanism and payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0