Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b738d942a5ca74d4…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9d10af5912934747b63323f2850fd8d2
SHA-1: 538be5bef5d8f4d6aba628de8520988be4d19a17
SHA-256: b738d942a5ca74d49cd20098706a2ee4e395d434168577497e0d5f6f4163536c
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. Files of this type typically use social engineering within the document to trick the user into enabling macros, which then download and execute the Qbot malware. The detection name itself suggests dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0