Qbot Office (OOXML) / .XLSX malware analysis — malicious · d7fb4296921b735a

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0d1dac5581ca09cfe22133396afe3395 SHA-1: 7c1e8be66ed50727d89e10814eb87265775ca6a6 SHA-256: d7fb4296921b735acaf1fc257c751dc1d989e091e709a9d8d3ebf7f3b49ce855

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. The primary function is to download and run a secondary stage, consistent with Qbot's known behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.