Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f554d545f44445eb…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: eac981d6e3eecb3b8932b6475c12e155
SHA-1: ebe67b52a633b42138e867c87edf9d647e351876
SHA-256: f554d545f44445ebb73d552efcc7024a1baca1b924ef6f581b351ff3b488ffd7
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot dropper. This type of malware typically uses malicious documents to lure users into enabling macros, which then download and execute the main Qbot payload. The primary function is to serve as an initial access vector for Qbot.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0