Qbot Office (OOXML) / .XLSX malware analysis — malicious · 1f85311af4f491fd

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7b86abb94560e266b451cacffeb4ddf1 SHA-1: f32ab7485dfab8a488d00d71a1352b7b83e37af8 SHA-256: 1f85311af4f491fd31c649f157ea85b0ceed90b2d68393206df5744a684dc7b5

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The ClamAV heuristic explicitly identifies this file as a Qbot dropper, indicating its purpose is to download and execute a malicious payload. The file's structure as an Office document further supports its role as a delivery mechanism for malware. The detection name suggests a common Qbot infection vector.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.