Qbot Office (OOXML) / .XLSX malware analysis — malicious · b52a27f6a7a8c74b

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 6577d4986891e2fa5f640039e15c00aa SHA-1: 589bfe6db2c506db5bdf432b7177cf47e7ef3ca6 SHA-256: b52a27f6a7a8c74ba4c846f1458b1e410c36cb60b1ed9070c07f2cf312ad88a5

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, a known Qbot variant. This indicates the Excel file likely contains malicious macros or embedded objects intended to download and execute the Qbot malware. The primary attack pattern involves luring the user into opening the malicious attachment and enabling macros.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.