Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2a9a182a1e2e693d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5857931749571eb2060bd83689f87747
SHA-1: 3a29975105b13c0015efb3c5877fee2b41b3944b
SHA-256: 2a9a182a1e2e693d2e0420ad8c0652ad2557a0127628df868b1aa27d4237ce61
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The ClamAV heuristic explicitly identifies this file as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The file's structure as an Office document with macro capabilities suggests it is likely delivered via spearphishing and uses embedded macros to download and execute the next stage of the infection.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0