Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e5c137b326bf8e61…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a1a21e8108fd01506f80a45848181c5d
SHA-1: b5583a49b28d6644172e10a4630f0e831e63cc88
SHA-256: e5c137b326bf8e61b3a42343763fb25549d429b37b44e483eda33cfd278160b5
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a Qbot dropper. Macro-related heuristics, although not explicitly detailed here, are typical of Qbot delivery through malicious Office documents. This suggests the document likely contains malicious macros that download and execute the Qbot payload.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0