Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b6c1a15a96a9757d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 120429fbe7da361c568efff6f3b2d7b4
SHA-1: e244f1d7d9e2fdce5258e34c23f6377f20cbd6f6
SHA-256: b6c1a15a96a9757d8da87f89b40d578268f68222461d865136dc91b29c832105
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. This type of file typically uses social engineering within an Excel document to trick the user into enabling macros, which then download and execute the Qbot malware. The detection points to a common delivery mechanism for Qbot.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0