Qbot Office (OOXML) / .XLSX malware analysis — malicious · cae1d3cbd07913d8

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 66233b4292fb16a7263726dcee16de63 SHA-1: 5ae46e8e5758ccf279e3281ae75d351832fd36e9 SHA-256: cae1d3cbd07913d8e886be0ec248e82e76d94e823efc761be2eb86b9f67fd1c4

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of malware typically uses malicious documents to trick users into enabling macros, which then download and execute the main Qbot payload. The heuristic firing directly points to its function as a dropper for the Qbot family.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.