Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f376aecdb578bce9…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 63361a7ac076462e81b06e0b00a96d9e
SHA-1: 830f2e8d4988322426c12d3a5ff58aa39ecebe80
SHA-256: f376aecdb578bce91eadf4d09a8d32e39068293d9b17114b7e0f5d5da56eac97
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot variant used for dropping secondary payloads. While no VBA or scripts were explicitly extracted, the heuristic firing suggests the presence of malicious code within the Excel document, likely designed to download and execute further malware. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0