Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d0c832ed1a8d3e8b…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 58846764fb771f364b6e760b61cafa35
SHA-1: ddc33d9ffc8dc921f6211493525a46fe0ded97de
SHA-256: d0c832ed1a8d3e8b28a4dfd3744057e577f754ebf0f468065f3ec3f634ef4d10
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is part of a Qbot (also known as Qakbot or Pinkslipbot) distribution campaign. Qbot is known to be delivered via malicious documents, often using social engineering to trick users into enabling macros, which then download and execute the main payload.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0