Qbot Office (OOXML) / .XLSX malware analysis — malicious · b6b112bc50aae38d

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 5e0ec032ef3f3275897c1f103545f5d1 SHA-1: 41c223752ea2e7c95cf3182c6c9fe7c43f1416a1 SHA-256: b6b112bc50aae38d61fdcc74b6dafed708c233a1456c13f80499ff99cb009623

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant used for dropping secondary payloads. The primary function appears to be the execution of malicious code, likely through macro or exploit, to download and run further stages of the infection. The SHA256 hash is included as a primary indicator.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.