Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fa7d48330e7d6208…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ce4a0c4c3bd22471d327b39987188827
SHA-1: 2a30bca4b1bd5fe399c9efdc82ddd387723008aa
SHA-256: fa7d48330e7d62081ffa20a1a74c493b13b043920c30c848eb0e6ea7c9414ef8
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it belongs to the Qbot family. As an Excel file, it likely relies on social engineering to trick users into enabling macros, which would then execute malicious code. Its primary function is to act as a dropper for further malicious activity.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0