Qbot Office (OOXML) / .XLSX malware analysis — malicious · 9dc1260da2a69aa1

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 30f7272f8555b9963eb7ac13d7406449 SHA-1: 96aeb181382a6ab9e29259cd96fd782dbb7dfa04 SHA-256: 9dc1260da2a69aa1bfebc2087e529dd011cfd5da94fd061b6ea242c146008850

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of malware typically relies on social engineering within documents to trick users into enabling macros, which then download and execute the main payload. The primary attack vector is likely spearphishing attachment, leading to user execution of the malicious macro.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.