Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8bc2dbf978b94255

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e4ea7f5cabb841d748537b2cf1696f19 SHA-1: 3aa4512df578a04ed7308ee61286a920b54e8d08 SHA-256: 8bc2dbf978b9425572b154e1605aadfbd4e53d514274c2754bd118dfb355c450

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which then execute the Qbot payload. The primary attack vector is likely spearphishing.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.