Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 37d07bc7b164e9d2…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6d1a55b988b0a7c70c0c8c2805e5f589
SHA-1: 9cd50ff2a80fc33652a4eaa2e0b427c77350f9cc
SHA-256: 37d07bc7b164e9d22c7250f1fffeb117e96ab4e162226e24f30d04376c6d1256
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves luring the user to open the malicious spreadsheet, which then likely executes embedded malicious code to download and install the Qbot payload. This aligns with common spearphishing attachment tactics.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0