Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 beb115758567e6b1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8bd7ea2f656a8fbdaf8f0e2a9817e532
SHA-1: 0c0218336003101e8306e35fbe539a8e81ad3797
SHA-256: beb115758567e6b1ab6c1b6db6ef7117d6202b405635ee8a974fddf863a86256
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is an Excel spreadsheet identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves luring the user to open the malicious attachment, which then executes the embedded payload. While no specific scripts or document body content were provided, the heuristic detection strongly suggests a malicious dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0