Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 26a75e69e2a9e0da…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8fb0b534124f70ad5858f34e6db9c740
SHA-1: ef9e54128f65a35e9733b8e7f696626e3a5bc9fd
SHA-256: 26a75e69e2a9e0da8ac0835104359c0ac50e8b95f8acd1ecbbd8765bbb4d1159
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot variant designed to drop a secondary payload. The Office (OOXML) file type and the 'Dropper' classification suggest it's intended to lure the user into executing malicious content, likely via macros, to download and run further malware. The high confidence is based on the specific ClamAV detection name.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0