Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e666b7866216b978…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 305f4625612ae1cc1cfccc39f2cead7c
SHA-1: 32c213788b5c572c9fad5c6fa77668b6fe13ecf2
SHA-256: e666b7866216b97807a8c566b2ede0339e15298a4487565d1f8003cff32fac55
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute malicious code to download and run the Qbot malware. The heuristic firing directly points to the malware family and its dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0