Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 410d5c04e44c4621…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3d24c4a52ab60ac637e373551a9a4074
SHA-1: 1657a0a69d0577e412cc665a4f1af3ae9041fb8e
SHA-256: 410d5c04e44c462165e1382ec1f2b95cacf1de2100529af22624732672f18aa3
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. While no specific VBA or script content was extracted, the detection suggests the Excel file likely contains malicious macros intended to download and execute the Qbot malware. The file's metadata indicates it is an older Excel document, potentially used as an initial infection vector.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0