Qbot Office (OOXML) / .XLSX malware analysis — malicious · bcbb396eb5ac1dea

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7f4e4ba745d10f4be5a7fc43acdc2dd5 SHA-1: f39b3a86cd619f9dbbc8d11f001ad9359c2837f6 SHA-256: bcbb396eb5ac1deae799abf3a732a9743a7d3183dc35e426dc4e64c8eaf5596b

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses macros to download and execute the main Qbot payload. The heuristic firing directly points to the malware family and its dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.