Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c8e0878012bce391…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6de04f147b56b5083740eccbc5ce7612
SHA-1: 7b73e14ec1d03fb7c8648021a855b16bf21581f2
SHA-256: c8e0878012bce3910683352ee8d0c25c9ccdec6444fe01b896cb15f566007d3d
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating that it functions as a Qbot dropper. This type of malicious document typically relies on social engineering to trick users into enabling macros, which then execute to download and run the main Qbot payload. The primary attack vector is likely a spearphishing attachment.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0