Qbot Office (OOXML) / .XLSX malware analysis — malicious · f01919ecab408fa0

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 10646051fced69f33deb5b241c57ebcc SHA-1: 98f33f38cd5a128c3f073c80ca61eeb6d0bc41eb SHA-256: f01919ecab408fa01c04d45f23e9f1ed348146bdeb9950a04a24065b2e000c94

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. This type of malicious document typically relies on social engineering to trick users into enabling macros, which then execute to download and run the Qbot malware. The primary attack vector is likely spearphishing, with the embedded macro serving as the initial execution mechanism.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.