Qbot Office (OOXML) / .XLSX malware analysis — malicious · 29b90aca0b1cdcbf

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 46adcb386f3124ff2290a6b607a79a44 SHA-1: b75771552a7408182a36e7ffb5e0eb00f09a5b9e SHA-256: 29b90aca0b1cdcbf6e1dcf0002bf5569e211bffcd6584536b0bb436ede8b5cfa

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to act as a dropper. The presence of macro-related heuristics, though not explicitly detailed here, further supports its role in executing malicious code. The primary function appears to be the initial infection vector, likely leading to the download and execution of further stages of the Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.