Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 eeafba9d4c9ef74b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b5974bc247aec3111ba78b769b693ba2
SHA-1: 39e3bbf8bbc6095b0c8b80d3165ff6a3e09a8c53
SHA-256: eeafba9d4c9ef74b3c1f92b05014c5c39b2fa61f2ec285c6e8317df7b272ab88
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The critical ClamAV heuristic identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting Qbot family involvement. This type of dropper typically relies on social engineering within the document to trick users into enabling macros, which then execute code to download and run a malicious payload. The file's structure as an Excel document further supports this delivery method.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0