Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 aa5166963b5f2a81…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f3049b389999d1f18066a621cf618d4f
SHA-1: c1ec4d1c844cea7316fe44e9c2f6015f2e5e5e64
SHA-256: aa5166963b5f2a81d77b7a8f9f40b42b69002b252b5f24e4cf4b1ded7237d4e4
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1204 Malicious File Execution
  • T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a dropper for the Qbot malware family. This type of document typically relies on social engineering to trick users into enabling macros, which then execute the malicious payload. The primary attack vector is likely spearphishing, with the document acting as an attachment.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0