Qbot Office (OOXML) / .XLSX malware analysis — malicious · b80e37fe7ae1ad37

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 80307ba8b82687b61ffcbf46d26f6129 SHA-1: 664d04e0c717434d3bc94f2698b1fcb668a2134b SHA-256: b80e37fe7ae1ad37d82819f541182806f5820cfd51a47cd4c273fa1527f654c2

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Such documents typically rely on social engineering to trick users into enabling macros, which then download and execute the Qbot malware. The specific heuristic firing directly points to Qbot.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.