Qbot Office (OOXML) / .XLSX malware analysis — malicious · a44516bed4831333

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ac4e342e11e69e206c64b1429d6eee6b SHA-1: 842777b9af89af7da024a174060930d8821bc7d8 SHA-256: a44516bed4831333044662e04407e1c27bded4a50a24bb114abd6c9b0de604f0

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. This type of malicious document typically relies on social engineering to trick users into enabling macros, which then execute the malicious payload. The primary technique observed is the use of a malicious macro to download and execute a secondary stage.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.