Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8cb1c3ac96b6099b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 67490d15905356cb7cdb3882c6d7110a
SHA-1: f1dc17e5acf0f0e676adc809420a6a09d2b0ee4a
SHA-256: 8cb1c3ac96b6099b0ea7828611645c5ddea1d66c6a7c8e074e10e9efcce22c22
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a Qbot dropper. Qbot is known to be distributed via malicious Office documents, often using macros to download and execute further stages. The file's metadata and the heuristic that fired directly support this classification.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0