Qbot Office (OOXML) / .XLSX malware analysis — malicious · 333e17d79579990e

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 8b7be1836d351442761cd1715af5ee33 SHA-1: 4424af81905ec55eb9dede0948bd7e827e9e1d30 SHA-256: 333e17d79579990ebf324a1920a6aa91122afdf1d597ccf2ded2a562d3e2aab3

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of malware typically uses malicious documents to trick users into enabling macros, which then download and execute the main Qbot payload. The heuristic firing directly points to its function as a dropper for the Qbot family.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.