Qbot Office (OOXML) / .XLSX malware analysis — malicious · b2ca6e27e3b189ec

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 9435847377bb94c9b7b1aee8750d7047 SHA-1: 223c53af4037a2ab00fb433b2429c49efd6cc490 SHA-256: b2ca6e27e3b189ecb06cc05e9826194040284d19e9ffaa523088595f9f287559

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. This type of file typically uses social engineering within the document to trick the user into enabling macros, which then download and execute the Qbot malware. The specific detection name suggests a known Qbot delivery mechanism.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.