Qbot Office (OOXML) / .XLSX malware analysis — malicious · edc0463b55b0356b

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 313e556aa3c8e83dc08837d70a350342 SHA-1: 8b526c915f0824b12c148a8e39ea81ff110a580f SHA-256: edc0463b55b0356b25664e02efda1ab8cc6e780599c09cbef2c900dc6e25aaaf

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. The Office (OOXML) file type indicates it is likely delivered as a macro-enabled document, a common initial access vector for Qbot. The primary technique observed is likely spearphishing attachment, leading to macro execution.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.