Qbot Office (OOXML) / .XLSX malware analysis — malicious · b670306bdea636d6

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 1623b71b2bf96a747bc1aa85182c7a03 SHA-1: 35c96bc391b669c96f8e9cd045bdea1613891911 SHA-256: b670306bdea636d692de55220466aef3e02b872069681d82021b34b4b108b54e

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to deliver the initial payload. No scripts or document body content were extracted, but the heuristic detection is sufficient for attribution.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.