Qbot Office (OOXML) / .XLSX malware analysis — malicious · f6fe6483396fc729

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 606ab4106ce53e18f63077824a48a11c SHA-1: 56103a03be74075015ce1441332be074f22afa47 SHA-256: f6fe6483396fc729aef99d2d5a99a59fa69c38a0435f64c82c6192689e1dd58c

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute malicious code. The primary function is to download and execute a secondary payload, consistent with Qbot's known behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.