Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 237972b2de31e18e…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: cd58b8c39cf0c7778ce680f293799b21
SHA-1: 68dfa107ce32ec8b952a1651e3e6171e55fd315d
SHA-256: 237972b2de31e18e62b5b3417aa866102e291b3b3b0a768d24c0af61c49e953a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This indicates the Excel document likely contains malicious macros or embedded objects intended to download and execute the Qbot malware. The primary attack vector is likely spearphishing, leveraging the document as an attachment to lure victims into opening it.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0