Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1fe260e06b7f8404…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a35254c52f8b631af57046ac78d6fe9c
SHA-1: 492f499cfe3080252c68e5b5a92da360eb57579b
SHA-256: 1fe260e06b7f8404ae2a0c07bc7fdf953bbfa4eb800207ec5689126623da7ec6
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to deliver a secondary payload. The file's structure as an Excel document suggests it was likely delivered via spearphishing. No scripts or document body text were extracted, but the heuristic is sufficient for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0