Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f26ba0769fd04bd2…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: bbf3869114d258c7ffd9f51dd22348da
SHA-1: 90bf02196cf914a61eefb1572d90e45d07b75238
SHA-256: f26ba0769fd04bd211d69c2a01129f943ebe3ce926585cdddb233d269ca198ee
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious Code

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant designed to deliver a secondary payload. The primary attack vector is likely spearphishing, leveraging the malicious nature of the Excel document to execute its payload upon opening. No document body or scripts were extracted, but the ClamAV signature is sufficient for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0