Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9ae1c3b4cac00fdc…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: 7697c278792435df866c41720d7ef008
SHA-1: b8c55a66b988ea0e03586d2ca6160b6182377b39
SHA-256: 9ae1c3b4cac00fdc1cf51c10fe8d410e412dd743b989e5138eeabd0c82e71722

Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. This dropper likely facilitates the download and execution of the main Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0