Qbot Office (OOXML) / .XLSX malware analysis — malicious · 3d3a8a0fb5252b95

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 07d7a56cd8130231d88bd3dd96028273 SHA-1: 2b9c0c452e86925f41a2a104a044c54301ff74ff SHA-256: 3d3a8a0fb5252b95f1ef4d8a0714aefcb04b043b3d8438d7696cba51e7bcaa35

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary function is to deliver a malicious payload, likely through macro execution or an embedded exploit.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.