Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 de5ccd4156e857a8…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4cd9337d9c83abe7f0c58ef730a58edc
SHA-1: 00b1f40d34f5bec20e2b23a3cd7eb372033036ed
SHA-256: de5ccd4156e857a872ea4d4da9db13d0a398d04355e4dc80a92e44b8305cb066
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant used for dropping secondary payloads. The Office (OOXML) file type suggests it was likely delivered via spearphishing. The primary function is to download and execute further malicious content.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0