Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1e7b722217a7cec2…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4fd6477e16617e40c13971497c1bd438
SHA-1: 6a075e3f86d770474e8558d56785decf31f21495
SHA-256: 1e7b722217a7cec2bf955f99ac7429dd4109bc664b04e4cda3b65d2e65875ea3
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot malware family. The detection name suggests it leverages Excel macros or embedded objects to initiate the malicious execution chain. Its primary function is to download and execute a secondary-stage payload, characteristic of Qbot's infection vectors.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0