Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8106b3669457919e…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 83d31000cd746896fb722b56c0416210
SHA-1: debfae28db0d1c16e78fac0f67b998c3913859b1
SHA-256: 8106b3669457919eaa6ba4df4289f7cff2a21fb0bc3c578a11d6fccd2cdab087
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel spreadsheet. This type of document typically uses social engineering to trick the user into enabling macros, which then execute to download and install the Qbot malware. The detection name itself suggests a Qbot family infection.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0