Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f898463b8808b396…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8a8d8e9771a931708ef10bb547879c15
SHA-1: a9acc61d668f0b4839201e0bd63ed9d4203793bf
SHA-256: f898463b8808b3963d97ec45a54683b80d29f2b4e994c162afcbf469a4c034ee
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to drop a secondary payload. As an Excel file, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious code. The primary function is to download and execute further malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0