Qbot Office (OOXML) / .XLSX malware analysis — malicious · a5e6536c69b60d1d

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ab684e70c4c4b663b5a73c7951bb731f SHA-1: 2238c0c63becc935546f7b9195fd3bf86a82c3c3 SHA-256: a5e6536c69b60d1da3e3e94dc5eee5dc987417259bdaa5f15609fdf4537fcccf

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This heuristic strongly suggests the document's purpose is to act as a dropper, likely leveraging embedded macros (though not explicitly detailed here) to download and execute a malicious payload. The file type and heuristic firing are sufficient to attribute it to the Qbot family and infer a phishing-based delivery.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.