Qbot Office (OOXML) / .XLSX malware analysis — malicious · 21352d24ea48d56d

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f63e12e3bb4e1f033e735b9d1e07ec79 SHA-1: 48df298c897377e983f17231b811830aa7a4bd1f SHA-256: 21352d24ea48d56ddabdc3dcca7ce27ed748de5b649215e53bddf50cc9125627

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This indicates the Excel file likely functions as a dropper, intended to download and execute a malicious secondary payload on the victim's system. The primary attack vector is likely spearphishing, leveraging the document's perceived legitimacy to trick users into opening it and enabling malicious content.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.