Qbot Office (OOXML) / .XLSX malware analysis — malicious · d925e654a88167d2

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ec2eb688ee5d1a9a9b47a77f63cda9fe SHA-1: 637125b1e1307e1e87622a09e301ca11a9a083f1 SHA-256: d925e654a88167d2cde9ba3d99329b7d1a723016190a1b1dacb71b24b8801587

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to drop a malicious payload. The detection name itself suggests a dropper functionality within an Excel document, likely leveraging macros to initiate the infection chain. This points towards a phishing attack vector where the user is tricked into opening the malicious spreadsheet.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.