Qbot Office (OOXML) / .XLSX malware analysis — malicious · 833a2e59ded319b5

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7519d62aa5848688ccfccbaa948a7483 SHA-1: 9f0696480dc57c0e80253ebee4c2dc4f134fd570 SHA-256: 833a2e59ded319b5d58f709264a6c043616747fba376583452d519e3433a19df

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses macros to download and execute the main Qbot payload. The heuristic firing directly attributes the file to the Qbot family and its dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.