Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 dd5905fbfc26b1d2…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: dfcfdd63c4d6a5069509bbb37f618ac0
SHA-1: a678fb5b7e095a754780aa5d4ee914a8a72bc421
SHA-256: dd5905fbfc26b1d2a5a10142a075121df132981f29479a01a8b69951844d923c
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious Script

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses macros to download and execute the main Qbot payload, aiming to compromise the user's system for further malicious activities like banking fraud or credential theft.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0