Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 317b2ae7d1394495…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f125c5dacda2a8bcec2aa3a68b1674a7
SHA-1: 48ffa68d53939c3092efad1800a1fc8edc9ba58f
SHA-256: 317b2ae7d139449528dccc8be504c5da774babfadd6f5ac93d7eeeccfb70c4b3
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. While no VBA scripts or document body text were extracted, the heuristic detection itself is sufficient evidence of its malicious intent to download and execute a secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0