Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d3b34b29763661cd…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d5bf9e42d864af5c20d4e7b971a6f618
SHA-1: 3143d9a117ca98fa039f53414e97512d3ff9e832
SHA-256: d3b34b29763661cd5c306c4f9f0e0225161e9712f48673f2b305c025aa756198
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious File

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. The detection name strongly suggests the intent to download and execute a second-stage payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0