Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 439021600c470cd0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e8bee7a78f7d985936af30b3f2be6218
SHA-1: 37584d80f772c9abe88fc1be0cfa5d54da3661ce
SHA-256: 439021600c470cd0324fc5a15af00354e1931661dc23bc30d51130d27a91e17e
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper for the Qbot malware. The primary attack pattern involves luring the user to open the malicious spreadsheet, which then executes the embedded payload. No VBA or scripts were extracted, but the ClamAV detection strongly suggests Qbot's known behavior of downloading and executing further malicious stages.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0