Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3d47f63970ec0199…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 391668905f4e178babf6d0dbf7f8d6ae
SHA-1: 86bc9e3546b1ad6eca7b65f898f12160555ef75c
SHA-256: 3d47f63970ec0199922d696264bd38670c018cb61b5491f3800855adefc0a0cc
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop further malicious content. As an Excel file, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious payload. The detection name implies dropper functionality, that is, downloading and executing a second-stage payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0