Qbot Office (OOXML) / .XLSX malware analysis — malicious · d6edb9f0f75205e3

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 339dc4d0d7ba5c454e909c868463a8c5 SHA-1: 941bf8e41bb4392e115236f42ad7dcff85cf1e88 SHA-256: d6edb9f0f75205e3472fde6e1216c0b7dc3eb3ee7ea24629dfe20843f3558ee1

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot family infection. This type of document typically uses social engineering to trick the user into enabling macros, which then download and execute the main payload. The detection name itself suggests a dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.