Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 32dc208377b2b8e6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b32709f2b92a7e766f10746f2022caca
SHA-1: fd38615d703ac7bb97659de0121d6aa332cc597e
SHA-256: 32dc208377b2b8e632a7a75707bb78f6aae66f7378f3a8ace3b77002c076bf2a
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot variant designed to drop further malicious content. The primary attack vector is likely social engineering within the Excel file to trick users into enabling macros, which would then execute the payload. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0