Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a79be77249382359…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2904a73f0d31fe0db4ed2f3bee3e8228
SHA-1: 1e4f2236105e41aa67a15329bfc7624f348c0b7c
SHA-256: a79be77249382359d7a6538602606fff289c8bfeb7a16201eac68ad14c4f3ba2
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic specifically flags it as a Qbot dropper, indicating its purpose is to download and execute the Qbot malware. No document body or scripts were extracted, but the heuristic is highly indicative of Qbot's typical delivery mechanism.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0