Qbot Office (OOXML) / .XLSX malware analysis — malicious · a56a2a5247dbb47a

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: bbcc82e185201979413410882f3b59b1 SHA-1: 5b8032d27c412f35105ab06227a00e689e4ee644 SHA-256: a56a2a5247dbb47a455be418b363ad3f14fb6086797e5ef1acd7d2dcdefbde8d

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically relies on social engineering to trick users into enabling macros, which then execute malicious code to download and run the main Qbot payload. The presence of this specific detection signature is sufficient evidence for attribution.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.