Qbot Office (OOXML) / .XLSX malware analysis — malicious · 1a685f31823e1b4e

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f243c887117b9bfc908a635ef128d5ba SHA-1: 0434cd5adb203db5e18fc232492de57f9b06723d SHA-256: 1a685f31823e1b4e45112e14a34b2f7c31aeb2d4dc53686514f353f971484e1f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to download and execute a secondary payload. The heuristic firing points to a dropper functionality within an Excel document, a common delivery method for Qbot. The file's nature as a dropper suggests a multi-stage attack.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.