Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2a74b641b077b043

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: a62b4b3b1395799ff80d3ed561f10044 SHA-1: aa3e8e5a2b88e90328e4b75dd2f469cb70fa2c4e SHA-256: 2a74b641b077b04373a4d81f621be4bccae27793a9919db12159547a59d2e9ba

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot downloader. While no specific IOCs like URLs or scripts were extracted, the heuristic detection is highly reliable for this family. The primary attack pattern is likely spearphishing attachment, leading to the execution of the Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.