Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 aa6417dfb8281c69…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 21c11a1adbf4a6d2e28ef162a3a1b136
SHA-1: 8edcbf15496877beffe3084a844d45642b3e8da7
SHA-256: aa6417dfb8281c6976500001e5beaadb1b0ff189929c741e436ef085f66a4347
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious Code

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. As an Excel document, it likely employs social engineering to trick the user into enabling macros, which then execute the malicious payload. The primary function is to download and execute a secondary-stage malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0