Qbot Office (OOXML) / .XLSX malware analysis — malicious · 9a54f4995a39e7e7

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: d6926b1d4df0273e611bcfe7f4e6a28d SHA-1: 3f58622a23fbfdc41df467188c89183be4b1b901 SHA-256: 9a54f4995a39e7e7a0b76e908000e9ceff81670e047b02b1b37f273b2359da71

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses social engineering to trick the user into enabling macros, which then execute to download and install the Qbot malware. The primary attack vector is likely spearphishing attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.