Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b11d5ea010af3345…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8310adad4de177b9a38524368e0c8171
SHA-1: 786293139aa04ef0ca20724e237e656f111447d2
SHA-256: b11d5ea010af33456e16a09ef9876d64385097ccd6556d300a59464b52e0d498
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. The detection name suggests an Excel file (Xls) used to drop malware. Although no specific VBA or script content was provided, the heuristic firing is sufficient to infer its malicious intent as a downloader for Qbot.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0