Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 5229880a8b1fd6fc…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8180f9f1d76fc42671e516c6c3b4fc94
SHA-1: 0f6a0318b4fedb6a4a0eeec162b574182f58d018
SHA-256: 5229880a8b1fd6fcff3db48e226e43e33176b7a87be18c16201d1d0a5bae9b67
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. As an Excel file, it likely relies on social engineering to trick the user into enabling macros, which would then execute the dropper functionality. The dropper's primary function is to download and execute further malicious code.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0