Qbot Office (OOXML) / .XLSX malware analysis — malicious · deb7e892ce26f546

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: a2556bc4a0ae95c09eeaa25f000f74c1 SHA-1: 87fb6ec09ebad147b5b39770d46153e369d401d9 SHA-256: deb7e892ce26f5463f29fb756bc8c5a35a70f35db7280b2b960568e6349241c3

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. This type of document typically lures users into enabling macros, which then execute to download and run the Qbot malware. The primary attack pattern involves social engineering to trick the user into executing malicious code.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.