Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3146b61e8cb63c81…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5e3e8f2b9578afc012da827ac596399c
SHA-1: 3f020d1bd36020a366e1d5e1b41299e324a5cc20
SHA-256: 3146b61e8cb63c81d827f7df67dc50da211dd91afe2899626c0bd149f23fcd02
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant used for dropping secondary payloads. The Office (OOXML) file type indicates it likely uses macros or other embedded content to achieve its malicious objective. The primary function appears to be the execution of a downloader or dropper.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0