Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 282f1766930fb70f…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d770a591fddf5bb6a815200a99e57b8c
SHA-1: bba3463f10518b283b7b9d12c3283a660a5d2928
SHA-256: 282f1766930fb70f01bafcbcc55fb0ab51ce086338eaaf66a9f3152fb32e9d09
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic specifically flags it as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot downloader. While no specific IOCs like URLs or scripts were extracted, the detection signature itself is sufficient to attribute it to the Qbot family and its typical delivery method.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0