Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 dd5a944286ef1dd1…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 024abbb5d2968eb3e86a142d5756c0d7
SHA-1: 135d7d22d4eea88625ed032c2d1e5eb667c4f18b
SHA-256: dd5a944286ef1dd12977aaf5600f3576a6d993e5912f5b0e79a49f54ee38e138
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. As an Excel document, it likely uses macros to execute malicious code, a common technique for Qbot distribution. The primary attack pattern involves tricking the user into opening the document and enabling macros, leading to the download and execution of the Qbot malware.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0