Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1e76670cba4ba083…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 21e83bc2eebc9f6521f7f257530652ea
SHA-1: b0dd29ac1c2d8285dda93f55df1ab30b3e2d2f1b
SHA-256: 1e76670cba4ba0837b196793c12b149acc7dc76917f59cde18b9ec2b636026bb
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 User Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its nature as a dropper for the Qbot malware family. The primary attack vector is likely spearphishing, leading the user to open the malicious Excel file, which then executes the embedded payload. Further analysis of the payload's behavior would be required to detail its specific execution and persistence mechanisms.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0