Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f0f296bcf56801c7…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f717827b58871927e787096c030f56b0
SHA-1: e829175984b91b9cea81288c2a5acbc35cb22d44
SHA-256: f0f296bcf56801c72e6a29030d47e197d3626d9db39f1638ff819c422d2a59f9
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to drop a malicious payload. The detection name suggests it is a document-based dropper, likely leveraging macro execution or other Office vulnerabilities to achieve its objective. The primary attack pattern involves tricking the user into opening the malicious Excel file, leading to the execution of the secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0