Qbot Office (OOXML) / .XLSX malware analysis — malicious · 51b7606d5ab4e5ab

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 1cf8acdabf550795d2d9516273272878 SHA-1: c097ab326ce5451a23fc52a8c628bf07a9893665 SHA-256: 51b7606d5ab4e5ab5c97a883bbfab297669b5df1f69b7bfd1dcf816479c3f94c

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop further malicious content. The OOXML format indicates it's likely an Excel spreadsheet intended to trick users into enabling macros, which would then initiate the malicious payload download and execution.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.