Qbot Office (OOXML) / .XLSX malware analysis — malicious · b293d5de2c8a1b7e

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0fcad3f53259bc46356ec9f9c620ce48 SHA-1: c05476e7974ab6001ba873eb93f9afc5df7b937c SHA-256: b293d5de2c8a1b7eeb5c2387d8460daeb53c449071b36837b3cc0bcad37d3e3d

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: User Execution

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper for the Qbot malware family. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious payload. The primary technique observed is the use of a malicious macro-enabled document to deliver a secondary payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.