Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3b835598173e9217…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: fa9e45bb7cc83e54e354684a95428474
SHA-1: f8ca91ad9a1e505da5b1a38b3dfa2f3f7e647187
SHA-256: 3b835598173e92172a0cbe79d29601773c3322454ba354e02babc2ec41906bc0
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The heuristic firing suggests the document is designed to execute malicious code, likely via macros, to download and run the Qbot malware. No document body or scripts were extracted, but the ClamAV signature is sufficient for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0