Qbot Office (OOXML) / .XLSX malware analysis — malicious · f8402d373a17ebd5

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 00a80c7fc3e2a4fcf046c0ff471142dc SHA-1: 2096f1dd2614d75ae5f048364522b4ca38612d14 SHA-256: f8402d373a17ebd5d166cb74203465de0801785d1736c8447bd04fdfedb61e53

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant used for dropping secondary payloads. The Office (OOXML) file type indicates it likely uses macros or other embedded content to achieve its malicious objective. The primary function appears to be the execution of a malicious payload, characteristic of Qbot's typical behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.