Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8c1fd25aeaed9659…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2ba2b3d222fe48bcf313ac16c78a1ae6
SHA-1: fd628989b60eb6e25cc749dc970050b9a4350ffd
SHA-256: 8c1fd25aeaed965923fb23265a86663c4a2a850a9251563b1c42270eb8a208f3
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot malware family. The detection name implies the document is intended to execute malicious code, likely through embedded macros, to download and install further malicious components. This aligns with common Qbot distribution tactics.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0