Qbot Office (OOXML) / .XLSX malware analysis — malicious · 1a65113f49f852b3

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 2da34b445e652b2dc9f9871d2ee25f05 SHA-1: 97c9d0bd14d474afba91b8f05d65703f991d17e1 SHA-256: 1a65113f49f852b3db3eebda0f571044f058e21e88e66925d55490188458c257

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic firing directly identifies the sample as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot dropper. This type of file is typically used to lure users into opening it and then download and execute further malicious stages, characteristic of Qbot's distribution methods.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.