Qbot Office (OOXML) / .XLSX malware analysis — malicious · bab09ae28ebfa902

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 1a6f4bdb4cfb5a2693ece3dd96878eba SHA-1: 2363d017122e623c30fb906c913c50b68ef47bf4 SHA-256: bab09ae28ebfa902e05d495b51df1cf86e1a8ce218f76959f1b88017fb7f1d8a

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install the Qbot payload. This aligns with common Qbot distribution tactics.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.