Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c62cbcf207184454…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 539aeb163e8419252bc3aad4d1de3be2
SHA-1: c325f252ceb28a75c8b6fcca21ff2e8400aafc3c
SHA-256: c62cbcf2071844544f792b451ea1649c556fc4f6aa535788c4b675661135c82e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant designed to deliver a secondary payload. As an Excel document, it likely uses macro execution (T1059.005) to achieve this, falling under the broader category of spearphishing attachments (T1566.002). No further details on the dropped payload or specific execution methods were available in the provided evidence.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0