Qbot Office (OOXML) / .XLSX malware analysis — malicious · 20c09dff1f9e127b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 5486a245f8655119c5ac370e105b4caa SHA-1: bdbe10995a53bb8cffdc025d367ab943f9403a07 SHA-256: 20c09dff1f9e127b247f2c6f506fc1c3d42a7f64de0b9ed2804d080930014415

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant used for dropping secondary payloads. The file's nature as an Excel document suggests it was likely delivered via spearphishing. The primary function is to execute malicious code, likely leading to further infection.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.