Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2db95f42c8dcda65…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 0e68d2cf1ce09e91a3ba352a55b46a84
SHA-1: 31cc98819188ddd8f2f25d133ceb27b6385a1d5c
SHA-256: 2db95f42c8dcda6562b837590c60729859dced711e4649b21c1766629aafc87f
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: User Execution

The file is an Excel document identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. Such documents typically rely on social engineering to trick users into enabling macros, which then download and execute the Qbot malware. The file's metadata and heuristic firing are sufficient to attribute it to the Qbot family.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0