Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a85c9784f6540c4d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5db8ae859a0f446b3a5cd8455a5af784
SHA-1: 6acf238115c3b64a2c605763495a0f1f649a0bb7
SHA-256: a85c9784f6540c4d828dee647d537f053287f93fa97c946662474caac7edb2cd
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. As an Excel macro-enabled document, it likely uses embedded VBA to initiate the malicious payload execution. The primary attack pattern involves tricking the user into opening the document and enabling macros, leading to the download and execution of the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0