Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2ab8c246332a9123

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 80a94d1526e15479c934f90ed7136891 SHA-1: 94a92fc9b98eda0dc9f88baa338ee413b68cc28b SHA-256: 2ab8c246332a91239615f3450f4a13d7c7d4a083933e38c98225a14252c265df

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant designed to deliver a secondary payload. The primary attack vector is likely spearphishing, leading the user to open the malicious Excel file. The file's purpose is to execute this payload, which is characteristic of Qbot's typical behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.