Qbot Office (OOXML) / .XLSX malware analysis — malicious · a27e6768de2624e8

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0d96974930b12bab6656330972c46527 SHA-1: a2f394c4d3921f1393b0d98e1cd0fe49529788fc SHA-256: a27e6768de2624e8b40f989071ffcdf91c404c41e6dbc13a8c76a49b94273fe7

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses malicious macros to download and execute the main Qbot payload. The presence of this specific ClamAV signature is sufficient evidence for attribution.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.