Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 31263ceffa537c17…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ae41819693a3db2becb8c44b82bd16e5
SHA-1: 7f2ffb2ddcaaf98d81084ec48f16304ed871897d
SHA-256: 31263ceffa537c1723df144e2f267b78161016a57d1e01a7d76c5962488559e7
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly suggesting it is a Qbot variant designed to deliver a malicious payload. The detection implies the presence of malicious macros or embedded objects within the Excel file, typical for Qbot's initial infection vector via spearphishing attachments. No specific scripts or document body content were provided for further analysis of the payload delivery mechanism.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0