Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 51e599d16d6022d7…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: fab23d5af6d4ec2c564db31a82a7c57b
SHA-1: 5fce5e9aa7f58ed7076c413d370ae7bea818d8d3
SHA-256: 51e599d16d6022d7f1d75ccd0c33ea6c248f05f1d91439eda9c63888356e4bbe
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests Qbot family involvement. The heuristic indicates dropper functionality, implying that the document downloads and executes a secondary payload. This is a common tactic for Qbot to establish initial access and further compromise the victim's system.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0