Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ce5c004998cef545…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 28addfb052350002976a6f949dcc1155
SHA-1: 34179f853ed949a321411a7f76827fbb0c4c13f9
SHA-256: ce5c004998cef545af3ba74e0d5abd154dcd9ce0c58d1dda47925118c3c6c261
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant used for dropping secondary payloads. The Office (OOXML) file type indicates it likely uses macros or other embedded content to achieve its malicious objective. The primary function appears to be the initial delivery of malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0