Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c0e564ae38f66160…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ad92b9562b8db4a32f95cae34906a0b2
SHA-1: 7e23724758c95a7889de27adf169b95176a06a2b
SHA-256: c0e564ae38f661606fc784b42e325863b4e470725a80be05b1dae81eeaf093ee
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic identifies this Excel file as a Qbot dropper, suggesting its primary function is to download and execute a malicious payload. While no specific VBA scripts or URLs were extracted, the detection strongly implies malicious intent consistent with Qbot's known behavior of delivering further malware. The file's metadata indicates it is an older Excel document, potentially leveraging an older exploit or social engineering tactic.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0