Qbot Office (OOXML) / .XLSX malware analysis — malicious · b944faa9fc9b7d32

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: a175c46a14f6e3a6cb0b15c30f61048d SHA-1: 8bcf24c89904ea5d286f0956441399e15942427f SHA-256: b944faa9fc9b7d320a38a350c9efa98e0d3ebddc2de6f6d11872a0f106306eaa

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The Excel format suggests it was likely delivered as a spearphishing attachment, intended to lure the user into enabling macros to execute the malicious payload. No VBA scripts or document body text were extracted, but the ClamAV signature is sufficient for attribution.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.