Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 aca2910cea284701…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 84c6dbd78dab3719b27c8ae948c2791b
SHA-1: ed632fc67a0759510ea277e455eb52d1df21dff3
SHA-256: aca2910cea284701ff1431cf73ea843fbc9613510df310b139c7a622f289236d
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious Code

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to download and execute a secondary payload. The file's nature as an Excel document further supports a phishing or social engineering attack vector to trick users into enabling macros or executing the dropped content. No document body or scripts were extracted, but the ClamAV signature is highly indicative of Qbot's typical dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0