Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2aa15a41efeefd52…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 046dc90ed1fb117c9edb2177a4e08451
SHA-1: fe0fc909c4b813ecc2f16b698c50a742c7137a3c
SHA-256: 2aa15a41efeefd526fb5c110d0d8672549d96a92749df0d678818e71313afb5e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious File Execution
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', a detection name that strongly indicates it functions as a dropper for the Qbot malware family. The primary function of such documents is to trick users into opening them and enabling macros, which then execute the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0