Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 cf562c867a32b258…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: cf4e8e3ba640d8b44c900aa1c3ac12e3
SHA-1: 88305e20148588b9b0a360544b3cb77f5a63e4b0
SHA-256: cf562c867a32b25831da816ccdd9ff29dae1b2dd033252f53a5041f54d070eee
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to act as a dropper. As a macro-enabled Excel file, it likely relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. No document body or scripts were extracted, but the ClamAV signature indicates dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0