Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 966a3400a7accee6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a027ff86c91faa41a9a757d2bb74412d
SHA-1: ab5981ad157a2abd788329673b9da57a118c351f
SHA-256: 966a3400a7accee6aedbd3b64ba5ee4db964c51459d61e56364ff572d1ecbd69
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as a Qbot dropper, meaning its purpose is to deliver further malware. No document body or scripts were extracted, so the only supporting evidence listed is the signature match. The Qbot family is known for its use in financial fraud and credential theft campaigns and is often delivered via malicious Office documents.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0