Qbot Office (OOXML) / .XLSX malware analysis — malicious · b82d15d99a51e10b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 1e2dfd2305697f8ca0f9081424f8de06 SHA-1: f2a44ac5ff87586d9dba81bb7c94a0f83f73cc09 SHA-256: b82d15d99a51e10bceb3a840e4e4ffdca20d5d2336a8a02f16d14b4e5a21d28c

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1105 Ingress Tool Transfer

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. This type of document typically uses macros to download and execute a secondary malicious payload, aligning with the Ingress Tool Transfer technique. The presence of the Qbot signature suggests a sophisticated threat actor.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.