Qbot Office (OOXML) / .XLSX malware analysis — malicious · c2c9bdbb94a64da5

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f58b48c183b8c5ec33c4b381c3981f77 SHA-1: 541360e8f6b31a017e07bff8cf19e8f299457710 SHA-256: c2c9bdbb94a64da57d1324bfd6bfcdec13e3b1dec6dd22ff7ef2edeedb730a41

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This indicates the Excel document likely contains malicious macros or embedded objects intended to download and execute the Qbot malware. The primary attack pattern involves luring the user into opening the document and enabling macros, leading to the execution of the payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.