Qbot Office (OOXML) / .XLSX malware analysis — malicious · 424ca853fe46f919

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: aaf6bf7aca38c7ba0a54871b93b1a3e3 SHA-1: a8d0b43bfa3a8b5e58a36c6ff9e970be73514b3c SHA-256: 424ca853fe46f919ce32c41f2e0d5513cb7d9e3080c5174821db7745e0d8823b

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. As an Excel file, it likely relies on macro execution to download and execute the secondary Qbot payload. The detection name itself suggests a dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.