Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8a582524e8f777f5…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 28d0b072687daaeba24ddc3b71fd664e
SHA-1: 6f3bf8fa1179ee0017b022bf1051739f74ebfa2e
SHA-256: 8a582524e8f777f54948f448dcaef696645fdf64565a3e75311981d5abbef31e
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves luring the user into opening a malicious Excel file, which then likely executes embedded malicious code to download and run a further stage payload. The lack of document body text or scripts means the specific execution mechanism cannot be detailed, but the ClamAV signature is highly indicative of Qbot's typical behavior.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0