Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b6a2e16bc83fcb19…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f86843eef25b1e8c6dde7bbabead2685
SHA-1: 75e2d2f4d203ca2d6a8c4560669e94f0f9bab02e
SHA-256: b6a2e16bc83fcb196013f55e2a59b92ee7b2ecf2409bb3f44f76f86042027dee
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as Xls.Dropper.QbotDocu12020-9818439-0, which strongly indicates a Qbot variant. As an Excel dropper, its primary function is to execute a malicious payload. The heuristics listed here do not explicitly report VBA macros, but macros are typical for this type of attack, where they facilitate execution of the secondary stage.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0