Qbot Office (OOXML) / .XLSX malware analysis — malicious · f2895a860b020f31

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 901516138b1c98546ec972e1468cba71 SHA-1: 716c8c9006d4e098571ff99502461d1c81000c3b SHA-256: f2895a860b020f316877f5ea1bd83e20d78d8e1ac702d7d95235a53baca16cb0

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. The primary attack pattern involves delivering the Qbot malware through a malicious Excel file.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.