Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8f6197ebf9c3a7c1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 02c08da1cda62f98742340fe9decf5ab
SHA-1: 836265c84114e822d2744e0a8309c5d784a98d6a
SHA-256: 8f6197ebf9c3a7c19ab2e0ac95cb4333b00748112c0133ff14b0532287565865
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot variant designed to deliver a payload. The detection name suggests the file functions as a dropper, likely leveraging embedded macros or other executable content within the Excel file to initiate the infection chain. The primary attack vector is likely a spearphishing attachment, leading to malicious file execution.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0