Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f4ec7c3887d8597a…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ba04aeae783676c0118dded62a5bb44b
SHA-1: 805bfe60e0aa0f44c26b9198ba7205e6d9151201
SHA-256: f4ec7c3887d8597a16977084c6f8809ef6423f691953d5f88338a5d362dc7718
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a Qbot dropper. This type of malicious document typically uses embedded macros or exploits to download and execute the main Qbot payload. The primary attack vector is likely a spearphishing attachment, leading to the execution of malicious code.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0