Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 42e0ef3c7fc92772…

MALICIOUS

Office (OOXML) / .XLSX

  • Size: 21.4 KB
  • Created: 2006-09-16 00:00:00 UTC
  • Authoring application: Microsoft Excel 14.0300
  • MD5: 5a5bac83c7612d288b550d0b5bb99815
  • SHA-1: 50801225249a3f285718fdaa1b38ba3ec22f4b97
  • SHA-256: 42e0ef3c7fc9277299a40799684837e593a4d61300eb01a7c7869e13907f3c36
  • Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant designed to download and execute a secondary payload. The file's nature as an Excel document suggests it was delivered via spearphishing, and its dropper functionality aligns with Qbot's typical behavior of transferring and executing additional malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0