Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 25923310e4cc8ff6…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6826d9ea8e752ccab0a22f84c7851024
SHA-1: 01caad6c83ff1d71b6fd5ece96d5935134ad0573
SHA-256: 25923310e4cc8ff629a98866ed37679d6d3e2e2c1fd3a5a5e824bbd19b69fc2c
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. Its nature as an Office document suggests it was likely delivered via spearphishing, aiming to trick the user into executing the embedded malicious content. The primary function is to download and execute a secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0