Qbot Office (OOXML) / .XLSX malware analysis — malicious · 829b7fdaea0c11cb

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 6e5286ede12888a79829dc818cecc2c8 SHA-1: 6a6359fa0cfae8fc096fc0fa022ce1c5e77ff6fb SHA-256: 829b7fdaea0c11cb0dc7c4e213f0e650b95166f337818b99d27a2981f716be31

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop and execute a malicious payload. The presence of macro-related heuristics further supports its role as a downloader or initial access vector.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.