Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 54e08f588a3a35eb…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1563253625dcf3661a129998478b1a52
SHA-1: 7d32f85156f76fab4a9e1f274d00a5a7f07e741f
SHA-256: 54e08f588a3a35eb96a4c26f22a0c6a445b4615954065b91fc97a62f3b49a29b
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests a Qbot variant designed to drop a secondary payload. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which would then download and execute the malware. The primary attack vector is likely a spearphishing attachment, with macro execution facilitating the ingress of further malicious components.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0