Qbot Office (OOXML) / .XLSX malware analysis — malicious · b9cd86ee4973f0ef

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: c2a3ac3e2f7f6441bf9ecdac7b448693 SHA-1: a1a8204fa44d866e75fbc3fe72162882d7992833 SHA-256: b9cd86ee4973f0ef7fe9ca8b4f53c97a408fd9670f307a2bee37ecefcf5b60bd

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as a Qbot dropper, indicating its primary function is to download and execute a malicious payload. The heuristic firing strongly suggests Qbot family attribution and a dropper attack pattern. No document body or scripts were extracted, but the ClamAV signature is sufficient for high confidence.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.