Qbot Office (OOXML) / .XLSX malware analysis — malicious · 240b6606bf9dee02

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 528163eee36d9ada1af69668e4b5c84e SHA-1: b6c10f679576662108bfc82d9360e7d96808ecb7 SHA-256: 240b6606bf9dee02211574efa708256df6c5cc09d829397040675e1060b90a40

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as a Qbot dropper, indicating its primary function is to deliver the Qbot malware. The heuristic firing strongly suggests the document contains malicious macros or embedded objects intended to execute the payload. This aligns with common Qbot distribution methods via malicious Office documents.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.