Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fa9e8ed4abbca8af…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 29dd14ca4d5157c3e5c5d23df7a5e51c
SHA-1: 55f25fbbdc51b5fc7ee2debe8b38939ea21aa7eb
SHA-256: fa9e8ed4abbca8afcc63cd17cc2255452246e0aac0c6e5a3717acc73723d7d47
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests a Qbot variant used for dropping secondary payloads. The Excel format and the detection name indicate a likely phishing attack vector, in which the document is sent as an attachment to lure the user into executing malicious code. No scripts were extracted, but the ClamAV detection is sufficient to infer the dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0