Qbot Office (OOXML) / .XLSX malware analysis — malicious · b181f9e1b84aca67

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: b9b00c8e873ee79699f12620a111e853 SHA-1: b0b9b5035d4a1b3233d877610578459f5965e529 SHA-256: b181f9e1b84aca6787d36e631f9f9d2d21c723a0c520b9c36d2fbb20a94e1f4c

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious Code

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This indicates the Excel document likely contains malicious macros or embedded objects intended to download and execute the Qbot malware. The primary attack pattern involves tricking the user into opening the malicious document and enabling macros, leading to the execution of the Qbot payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.