Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 81858137106bd4d1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c280a648279e6f664357e586c451ae8e
SHA-1: 578a61722d2226528c4d9f7f3a9ace2461f35862
SHA-256: 81858137106bd4d1d8300109199ca39ea2b7ff6aaae1de1dcabb6601cb5b9902
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious Applet

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant used for dropping secondary payloads. The primary attack vector is likely spearphishing, leading to the execution of malicious content within the Excel file. No document body or scripts were extracted, but the heuristic detection is sufficient for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0