Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 dc4cefbe44e9bb14…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c252908062d369a4d5df3c231f8d0e7e
SHA-1: d925d320c8b053e1c577ba450f1863172c61937c
SHA-256: dc4cefbe44e9bb14197ccdc231bee3e6af565bf02b5b2f03fe3ef81af9d92dd0
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This indicates the Excel document likely contains malicious macros or embedded objects intended to download and execute the Qbot malware. The primary attack pattern involves luring the user into opening the document and enabling macros, leading to the execution of the secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0