Qbot Office (OOXML) / .XLSX malware analysis — malicious · c5b77b7898949d65

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0b8cc79f0e5288e9e389fdadcf11a67c SHA-1: 7cbd9e5b8a6d15897372a2b5d4e0d7ca81852856 SHA-256: c5b77b7898949d656d7a18638ba5224b9242c62c88e377f40e7035ec387fd82c

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. This type of file typically uses social engineering within the document to trick the user into enabling macros, which then download and execute the Qbot malware. The detection name itself suggests a Qbot family infection.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.