Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 48161006f7c75543…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 88ab4d968b5dd941d6684d26b060d35f
SHA-1: 1f6eacd98eb910ded74988778e311b1f1ebe2448
SHA-256: 48161006f7c755438e04b24ccf45af60007bac56deaf005c252b520c5c08d823
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The critical ClamAV heuristic identifies this XLSX file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known to be delivered via malicious Office documents, often using social engineering to trick users into enabling macros. The file's metadata shows it was authored by Microsoft Excel, consistent with a macro-enabled document.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0