Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3136b3f110d13376…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6fba398b36aabd9633f31b4edceeb3bc
SHA-1: ced43516f1aa08627a5713bde9beea80ece7b06c
SHA-256: 3136b3f110d13376089c4aa5058e36ad0b5ef490907fed139b7388a09ca593c2
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to deliver a malicious payload. The detection name suggests it functions as a dropper, likely leveraging embedded macros or exploits within the Excel file to execute the secondary stage malware. The primary attack vector is likely spearphishing, with the Excel file acting as the initial lure.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0