Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2200a96a8e5f3944…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8ae2d928b77668a0e09e1af306126d06
SHA-1: 6f1c4e44d875d6378c33498a238264f644e3e032
SHA-256: 2200a96a8e5f3944238c3e1b426467e8c5f87f0113f27ddf3f724152f1968782
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop further malicious content. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute the dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0