Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 89d2dbd5431d5abb…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8e8c4b40ab9449e5537af243388e51e7
SHA-1: 81f1ff00b046cfb79997ddd97b332bf6da56f913
SHA-256: 89d2dbd5431d5abb7616f0400baab381c49f841156da9db6a4b448f38c5f229d
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel spreadsheet. The ClamAV heuristic specifically names it as a Qbot dropper, indicating its purpose is to download and execute the Qbot malware. No document body or scripts were extracted, but the detection signature is highly indicative of the attack pattern.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0