Qbot Office (OOXML) / .XLSX malware analysis — malicious · 42d8e2f11d099067

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 50727442dda5e8eeed31f4fabb0d40aa SHA-1: 1d06df98547d8862ea1b57440a10ff0036d50307 SHA-256: 42d8e2f11d0990670d69e97250d68491269ff1f4a0b6399124f930d626da4ede

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant designed to deliver a secondary payload. The heuristic firing suggests the document contains malicious macros or embedded code intended to initiate the download and execution of further malware. This aligns with common Qbot distribution tactics.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.