Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a13514d2d1821013…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b0b6eee91df1cbbb39f0afe17220b2f3
SHA-1: 9fc748b2c352c0e044191b52dcb6bc2dfc75ae9d
SHA-256: a13514d2d18210132f0ccb74cca3f3c6f34ab3c5c303a58ef1e2c9b332dda07b
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a Qbot dropper. The Excel format and the detection name suggest that it is intended to lure the user into enabling macros so that the malicious payload executes. No document body or scripts were extracted, but the heuristic is sufficient for attribution.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0