Qbot Office (OOXML) / .XLSX malware analysis — malicious · b874ae8e729d0649

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 2b837156ffa731a1ea6f926dcd74b4fc SHA-1: d55a358f7d8f58fcd9f36a5c829fdc43d08f83da SHA-256: b874ae8e729d0649e7d5daf73f0c6e0483582a6e0691fb15032d03f721d207cf

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. This type of malware typically uses malicious Office documents to lure users into enabling macros, which then download and execute the main payload. The presence of the Qbot signature suggests a high likelihood of this attack pattern.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.