Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 bca3c54a3f03f889…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3fd7aa0dbf4ecadae68d4fd3afe62117
SHA-1: e04b5207d8c2c6b034ba7892d0f68798c31f360f
SHA-256: bca3c54a3f03f88986962cea4988d8f62b6591d8bd8a85f520adafe0c2796b31
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic that fired, 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicates that this Excel file is a Qbot dropper. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. This file likely serves as an initial infection vector.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0