Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2b5cf432f23c9b56

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ec57dbe79dfeccbe951dd9d659914b4d SHA-1: b42ec70952e6b263092127e2f3e1dd0a545c7729 SHA-256: 2b5cf432f23c9b56e55b0e4522d9b27d8726422c088f4e9589121b4812e98fc7

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel spreadsheet. This type of file typically uses social engineering to trick the user into enabling macros, which then download and execute the Qbot malware. The detection suggests a high likelihood of this attack pattern.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.