Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a646171138239255…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a18b25968524d1d59eba9bef7b2a2fd8
SHA-1: 5518100595bc2b64d01954b54dbc31d66416971a
SHA-256: a64617113823925509ef4d4a10eb9767a2293a24410980fb114afcf44883f90d
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop further malicious content. As an Excel file, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious payload. No specific scripts or URLs were extracted, but the detection name points to a known dropper functionality.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0