Qbot Office (OOXML) / .XLSX malware analysis — malicious · a4e4f57d2a084030

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f4e3677108a793c2d507ca9052de49fa SHA-1: ccfab4d6479d5a660b2d695e8a4186f0516218d1 SHA-256: a4e4f57d2a08403024d9afeb8ff43adfe84374e7c0a7d65d8d3f3fe39ffef7cb

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. While no VBA scripts or document body were extracted, the heuristic detection itself is sufficient to infer a malicious intent to download and execute a secondary payload. The file's metadata suggests it is an older Excel document, potentially leveraging older exploits or social engineering tactics.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.