Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2ec387fcecef0cb4…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 36275fe5cfea852e943590394dd5ee97
SHA-1: 694963d63df24d44c087672afe12a5a32a5ece1f
SHA-256: 2ec387fcecef0cb4267dbe6b68d3ea781cfc7cf0f970e784f1dd641f4c3b21bd
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. This file likely serves as an initial infection vector for Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0