Qbot Office (OOXML) / .XLSX malware analysis — malicious · f03597804f93f693

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 76cd3b521765aed851ee4608c0281d3b SHA-1: 91770461699e0b40e47a7d10b8176fd5d06fccfb SHA-256: f03597804f93f6938a8fa5e0d92c919784bbaa4f5e16e4d67deaaff45c26501c

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. The file is an Excel spreadsheet, a common delivery mechanism for macro-based malware. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute the malicious code.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.