Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ba6f2ba80c50239d…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 43bda86ba96f4f68e9a2c90dd0f6d3ee
SHA-1: 5049393e666c8e833fb88ecbc455d45f8b276615
SHA-256: ba6f2ba80c50239da9129656544f2ea66ea7d0f441fdfa82246eb96a7f098dbf
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop further malicious payloads. As an Excel document, it likely employs social engineering tactics to trick users into enabling macros, which then execute the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0