Qbot Office (OOXML) / .XLSX malware analysis — malicious · 47d2ac10bc687560

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 68c57a3c431af3e7b02becacd65f9cb2 SHA-1: 7543ce7495987f44658da688aa4e76e97490a983 SHA-256: 47d2ac10bc687560e9a9cc503f88429200151cafd816fc5dcf8f655dcae20013

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. While no document body or scripts were extracted, the heuristic firing suggests the Excel file contains malicious macros or embedded objects intended to download and execute a secondary payload. This aligns with common Qbot distribution methods.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.