Qbot Office (OOXML) / .XLSX malware analysis — malicious · cadd2f8d16d2dee5

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 5f40fcc776ce3b21b14d9916f696fdff SHA-1: 9d019b3c6133412c5e7cdc3c29f7d28970df4136 SHA-256: cadd2f8d16d2dee50c9b307173c6b1cc851567a004bf558751e7e4aaa23f6e85

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to act as a dropper. The primary function is likely to download and execute a malicious payload, leveraging user interaction to initiate the infection process.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.