Qbot Office (OOXML) / .XLSX malware analysis — malicious · 914e0e698b5c8f04

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0f9e31de6e3565685431b15a10a7ba74 SHA-1: b1da8f29ec2c3eafe4c6c2280d7f2eef56604a26 SHA-256: 914e0e698b5c8f0435cdbd4c84fdf35b9898a291266e365b7430a0932ff91bdc

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to deliver a secondary payload. The primary attack vector is likely spearphishing, leading the user to open the malicious Excel file and execute its embedded malicious content.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.