Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8b0fb539c889cf22

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 85c504f553120fa13c2266fc156983e5 SHA-1: 61a639c6479892bdc562f57067d3b672131be03e SHA-256: 8b0fb539c889cf2208ce856a81fd1ec9b08541c9d861ab9819448b433a5503c0

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically lures users into enabling macros to download and execute the main Qbot payload. The heuristic firing is critical and directly points to Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.