Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 32a5a4239d0ab0bf…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 0d27a323a17e2ed5d7dcf35a239edb4d
SHA-1: 5ad1d129a921122a9dfca4a28be802cd3a14d86a
SHA-256: 32a5a4239d0ab0bf3f2215546b626e77187b377b79850bd2419ca054d16e8003
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. As an Excel file, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious code. No VBA scripts or document body text were extracted, but the ClamAV detection is sufficient to infer the malicious intent.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0