Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b6823f58855e80f2…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8ad0ffae062624b7b12343772715a2bb
SHA-1: 85a7a3641c185959887bbe2eeb7f76b462c767de
SHA-256: b6823f58855e80f2b1c3363cf801fa78bb1823e4a5d9cef32c9ec54b428c088b
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to drop a secondary payload. The detection name suggests it is a macro-enabled Excel document (Xls.Dropper) and points towards the Qbot family. The primary attack vector is likely social engineering to enable macros, followed by the execution of malicious code to download and run further malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0