Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b3eb4cdfd2aa1420…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 825b5752485b81f6ce916d8c45d405c8
SHA-1: 74dbea0d4ac6c25fe0549e7a90dc14512f256e45
SHA-256: b3eb4cdfd2aa1420351d4d662dcbe6dfe7bb960bc886a403994c64eedcb90f44
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot family dropper. The primary function of such documents is to lure users into enabling macros, which then execute malicious code to download and run the Qbot malware. The SHA256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0