Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f582d3683d7dc2b0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: bf9210e2a6aa1bef7854d0b5af25aa3c
SHA-1: 3309fd5b078ccd2a221496fda1ae574e6f853373
SHA-256: f582d3683d7dc2b0aff9419bfe1f033d8ee089b8d0bcedd20ff80948350144f5

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot malware family. The detection suggests the Excel file is intended to deliver and execute a malicious payload, likely leveraging macro execution to achieve this. The presence of Qbot indicators points towards common phishing or social engineering tactics to lure users into opening the malicious document.

Heuristics: 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0