Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2322bba8d45291c3…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 158b681cc410a2f0c668087e1b818c22
SHA-1: dcccd8c763167cdd396612bc3b4086f8874a5186
SHA-256: 2322bba8d45291c3dfbe02a335ff97a76f641dd2ff28a709bee6a2ca9bc79464
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install further stages of the Qbot infection. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0