Qbot Office (OOXML) / .XLSX malware analysis — malicious · 914cdb93f89140a1

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 086431c54e3cb6f173d82e7a06811ace SHA-1: b6f36596201f058e4855f9416d80eb15761d330b SHA-256: 914cdb93f89140a17f546395be8ae7bbfb4e73cfe97891f9cb1078f31bec33e1

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop additional malware. The presence of macro-related heuristics indicates it likely uses embedded VBA to initiate the malicious execution chain, fitting the pattern of a macro-based downloader.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.