Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 5617358d7cffdb68…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 822738e5ec7e207ea320e6e29464ba09
SHA-1: 4257dc1dfe229a77d5a59b7f80c952bb1a26f426
SHA-256: 5617358d7cffdb6865ad1d1e22a5d478394d112739f6a63173a5ba533cba12d2
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. Such documents typically use macros to download and execute the main Qbot payload, often involving spearphishing as the initial attack vector. The presence of this specific ClamAV signature is sufficient evidence for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0