Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4e755eb32604b0d6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c1a07e313ab7d5d3e0caa92885a857e6
SHA-1: 43c91a7b5b368efca6d4059cf26cede09968e155
SHA-256: 4e755eb32604b0d6bb9907a07d0aa545837ce3c16dc8d4c1c5193fd314ed7a63
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as a Qbot dropper, meaning it is intended to deliver the Qbot malware. The detection strongly suggests that the file's purpose is to execute malicious code, likely through embedded macros or exploits common in Qbot distribution methods. This is consistent with a spearphishing attachment attack pattern.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0