Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b40e052a4ad7cdea…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a7593dd2c0a15fdae7b52ff6074a6989
SHA-1: c76674c896dad26cd79ec869024b6eed3882d06d
SHA-256: b40e052a4ad7cdea62189ad91317f09e01c10195087ae5e7d6c8a0daaa029aa5
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant used for dropping secondary payloads. The Office (OOXML) file type and the critical heuristic firing support this classification. The primary function appears to be the execution of malicious code, likely through embedded macros, to download and run further malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0