Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a51032a57289b0f1…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 27873b3a49f7272d4220bcb4d2822be4
SHA-1: 2dd3f0d6b2df1104edab65bd894b71bb88667107
SHA-256: a51032a57289b0f156eaf3bdcdcc65d23c84002c5fb7a6b4a7abebeb311c9939
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to initiate the infection chain. Further analysis would be required to determine the exact execution method of the secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0