Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 31c8aebd2b2ad42e…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 069ef54ceba69e212b2f5c182688ceff
SHA-1: 13825b117c6226d7daa947288769e25f52b43c22
SHA-256: 31c8aebd2b2ad42e8525f0dafae959578be17ba5c8580d2d5df9cdcf147468c5
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. As an Excel document, it likely uses macro execution or an embedded exploit to achieve this. Further analysis would be required to confirm the exact delivery mechanism and payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0