Qbot Office (OOXML) / .XLSX malware analysis — malicious · d5c34741a4ff433f

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f96cdebdf080fa14ee5f90d5c7e484e3 SHA-1: 87cb75fb08b371ef57a92f91c760d297142505e0 SHA-256: d5c34741a4ff433f82c314deef91cf2785012c600245d29392080cd9f2cf7ce3

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant. The primary attack vector is likely social engineering to convince the user to enable macros, which would then trigger the execution of the malicious payload. No scripts or document body were extracted, but the ClamAV detection is highly indicative of Qbot's typical dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.