Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 55a22b0c540565f2…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: fc2add19c5bc448f90a3f07fe13d28f1
SHA-1: 3930cbd1eccb3178d0076f9e057c91ad79e24715
SHA-256: 55a22b0c540565f238f00dfbf025a65060674cdb3aedced63865260c68fc35c1
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

The critical heuristic that fired is a ClamAV detection, Xls.Dropper.QbotDocu12020-9818439-0, which strongly suggests Qbot family activity. Droppers of this type typically rely on social engineering within the document to trick users into enabling macros, which then execute code to download and run a secondary payload. The file's nature as an Excel spreadsheet further supports a macro-based delivery mechanism.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0