Qbot Office (OOXML) / .XLSX malware analysis — malicious · d55162751a9051c3

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: c3a198af600664ed3c050b5a31526627 SHA-1: b5b6d346c23acca08d502bb908260b671624afe1 SHA-256: d55162751a9051c3cd00d6e8701d98a51c2b23d2c0dd34d5941982a17da1a58b

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it is a Qbot variant designed to download and execute a secondary payload. The presence of macro-related heuristics further supports its role as a dropper. The file's purpose is to initiate a malicious chain of execution, likely leading to further compromise.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.