Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f5de840b5421629b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3c4fdb1a90ddd884ebc728f0cd5caeb8
SHA-1: 83d4fccba871389931bbc8e765fa764f3b7b64d6
SHA-256: f5de840b5421629b5c82f4312cda7aff3df57259f1a5c8bc606581ef8f1ab9ee
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant used for dropping secondary payloads. The Office (OOXML) file type suggests it was delivered as an attachment, likely via spearphishing. No VBA or scripts were extracted, but the ClamAV heuristic points to dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0