Qbot Office (OOXML) / .XLSX malware analysis — malicious · c82dc0e27e82586e

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 76d88f99bced1e1dd1fb322197cd8d3d SHA-1: 721fe4890f49d0d9c3af6839519b6997f5856913 SHA-256: c82dc0e27e82586eee3fe5bbfef5047653486e243c692d139a686583462d0f9b

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution T1566 Phishing T1566.002 Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to act as a dropper. The primary function of such documents is to trick users into enabling macros or exploiting vulnerabilities to download and execute a malicious payload. Given the detection name, the likely attack pattern involves social engineering to prompt macro execution, leading to the download of the Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.