Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d2f1365f773829a6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 486a24fc99f16e5c3ff7fa9155a08fbc
SHA-1: f49fb1370b8ccf795fedca9f16049e394971c59d
SHA-256: d2f1365f773829a6049eda193ff845040d8349ec7bc4dd6fe04a068bc6a62db2
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary function of such documents is to lure users into enabling macros, which then execute malicious code to download and run the Qbot malware. The SHA256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0