Qbot Office (OOXML) / .XLSX malware analysis — malicious · e39946afadb9654d

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 63d477581366af51a0ba84aafe695dae SHA-1: a87bd8c3e407e489fe1a3d366acd2e45b21594be SHA-256: e39946afadb9654d04a3c583f9137d77485de813f4f54fd1a99af83091272ac8

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting Qbot family involvement. As an Excel macro-enabled document, it is designed to trick users into enabling macros, which would then execute malicious code. This code is likely responsible for downloading and executing a secondary payload, consistent with Qbot's typical behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.