Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d9b7ddf84ed44b24…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: 2da070f94ba2fce90837e7fa4b20bb7c
SHA-1: fb4c675c2ad6a2cda3faf1fe263e75da28f5d92c
SHA-256: d9b7ddf84ed44b244bc03d1a5eff45f834951e3f9bc1d59ede4d08784cadf368

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests a Qbot variant used to drop secondary payloads. The Excel format indicates it was likely delivered via spearphishing. No VBA or scripts were explicitly extracted, but the dropper classification implies that it executes malicious code upon opening.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0