Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a187ade5f65a01d9…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7b2db0057e70303928d5cb5df65bed1f
SHA-1: 369b7a13592ce2d6151fe85f04d0c294e313eecb
SHA-256: a187ade5f65a01d9b83d8d45108a9054d773e47f2233c0a4b82c485d031a2d28
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to deliver a payload. The detection name implies it functions as a dropper within an Excel document, likely leveraging macros to execute its malicious function. Further analysis of the document's content and potential scripts would be needed to confirm the exact execution chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0