Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a76eb255642b532d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5537de8aa5b89b0b4a0b90388dbde005
SHA-1: 5446938fc81284a687971be3c0241010c6c38720
SHA-256: a76eb255642b532d0361d35ba17f1eeac06195ec7548478db2e96842a6825cdd
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a dropper for the Qbot malware family. Although no specific VBA or script content was extracted, the detection suggests the Excel file likely contains malicious macros intended to download and execute a secondary payload, a common Qbot distribution method.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0