Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 99ea313549bc4cd3…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8702adc5d9fd89e919eea9f58d3d4721
SHA-1: 398a005cf03b70d19ee436d7429f23c386869ccf
SHA-256: 99ea313549bc4cd3b5ecae9f775f2dae2c80e2b3c67bccc6b62a6c7238d0991e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates it is a Qbot dropper. This type of file is typically used to lure users into enabling macros, which then download and execute the Qbot malware. The primary attack vector is likely a spearphishing attachment.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0