Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 54663716ef870b80…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c25ef1ba0af51076ff33d87722457896
SHA-1: 9eafe06027e53990ee55364cdc0fa18e15e14d91
SHA-256: 54663716ef870b80cc4ca072c7cfafdbe75d23344796961d4d87b84c9b8cba3a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as a Qbot dropper, indicating its purpose is to download and execute a malicious payload. The presence of macro-related heuristics further supports this, suggesting the execution of Visual Basic scripts to facilitate the download. The primary function is to act as an initial access vector for further infection.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0