Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 dbf144fa37cb68fe…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1161b9662ae6253042f20c5bfc13bb6b
SHA-1: 460b598b676abbeff057ee6fb57d7b9356c40f25
SHA-256: dbf144fa37cb68fe53525b09af81661622b333c336423837e5cddf174e28f1d7
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant used for dropping secondary payloads. The malicious nature is confirmed by the verdict and heuristic firing. The primary attack vector is likely spearphishing, leading to the execution of the embedded malicious content.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0