Qbot Office (OOXML) / .XLSX malware analysis — malicious · b8c0f4e8c9669d5b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: d08984b1c6ccabccbd067a7e205ceb4e SHA-1: de0d2202bfbc5c33f5ee1bb0484d6d34237bd697 SHA-256: b8c0f4e8c9669d5b2d9a839226b9fd62a4c9e6e980424d49e1dd1ea738487907

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious Code

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. As an Excel document, it likely uses macros or other embedded content to initiate the malicious execution chain, consistent with Qbot's typical delivery methods. The primary function is to download and execute the Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.