Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b78c990dff0dc28f…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 297d4d2b6af1e7c5403877311b3ba9f0
SHA-1: b94a9bfc48717680e16eba1f858642c307552239
SHA-256: b78c990dff0dc28f3fb573798f6110500282abd13d11a9e10215f218d8783b0f
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. The primary function of such files is to execute malicious code, typically via macros, to download and install the Qbot malware. Further analysis would be required to confirm the exact execution chain and identify specific IOCs.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0