Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4a972b7a49a23494…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9edc72582e8760918205d8c94ff81f75
SHA-1: 967551094c2f8edc0b11b660b3745bfe78e9d607
SHA-256: 4a972b7a49a234940083c64661a79bb27bfd9def293752c5d85c4b0a7b9f8843
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of malware typically uses malicious documents to lure users into enabling macros, which then download and execute the main payload. The presence of this specific ClamAV signature is sufficient evidence for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0