Qbot Office (OOXML) / .XLSX malware analysis — malicious · de0ff657c53c9f5a

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0ef369a49a297632014eeb5ab2f3e6e2 SHA-1: c3ad1da89cf8b5a60d55a5d979b2beb5a924f3e6 SHA-256: de0ff657c53c9f5a01d5d7367047081c0ee921c533ad4e951c5fb9c8c586a903

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. The primary attack pattern involves luring the user to open the malicious spreadsheet, which then likely executes a macro to download and install the Qbot malware. Further analysis of the macro code would be required to identify specific execution techniques and IOCs.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.