Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f9a9ccc246a2e6f4…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3cbd0c9bef866d022860bc3fa28a3a90
SHA-1: 2e1a5f414d0f666787776b99c2fd15c7da9fae19
SHA-256: f9a9ccc246a2e6f4bc8f0d667d910bc30554db4a1af6ee3bb2e7600a8ed36dd3
60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop additional malware. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0