Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 bdb7ae8ae6d0b851…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f0d3d74e6e799365e10a232c36349605
SHA-1: ce3ce5712527f14f2e9ba21a00901fc598b8cb59
SHA-256: bdb7ae8ae6d0b85106c5ef846c39affaa3be9885464e76a7784fd28d050aec76
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a Qbot dropper. This type of document typically uses social engineering to trick the user into enabling macros, which then execute to download and install the Qbot malware. The primary attack vector is likely a spearphishing attachment.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0