Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 20abbc2cc03d7f43…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9ebc8b41a96929ee4c4d0fe506bf0221
SHA-1: 9bc7b4642bb1d54e0772bb23c917284a8812d8c5
SHA-256: 20abbc2cc03d7f43a2722f184d16e100c7fd19955bd82fb05db84f3bdf0d8e16
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to drop a secondary payload. The detection name suggests it is a macro-enabled Excel document (Xls.Dropper) used for initial infection. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute the embedded malicious code.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0