Qbot Office (OOXML) / .XLSX malware analysis — malicious · b0afbd3be378d7ef

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 37e7cccee7f8679b4252abd04c35b1c6 SHA-1: e1399744fbb53a96ad11a965917068f6f67ff237 SHA-256: b0afbd3be378d7efaf8a6ea64eda77e53d6fea34b75476b4bfb3e027cc7f9a27

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses malicious macros to download and execute the main Qbot payload. The heuristic firing directly points to the Qbot family and its dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.