Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2339e627dd38a481…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5fff06ab1c50d6559042ba1e1c2a7ad1
SHA-1: 489e910e06301e5e74a1e570127ea829dfd8308f
SHA-256: 2339e627dd38a481a618e1e6c4a8cf356f24e487f55ca672306d225a9dd3b24d
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. The OOXML format indicates it likely uses macros to achieve this, aligning with common Qbot delivery methods. The primary attack pattern involves tricking the user into enabling macros to initiate the download and execution of the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0