Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ce25f7c55e12625a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 97cbe4f9b83fc15baec4712c16efb6ee
SHA-1: 5251ada0b6d4d94d36748ec00380037fe663ab61
SHA-256: ce25f7c55e12625acd0606e9ddd031a3bf181d705bcc41b70ffcf55a3dca8a24
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: User Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to deliver a secondary payload. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious payload. The SHA256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0