Qbot Office (OOXML) / .XLSX malware analysis — malicious · c8b06d658ac11dd3

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 524073ab9b18a5d6422551dbb837a15f SHA-1: da7c8aa29130d1f416bb9dabeaf0fb45f56e5cc1 SHA-256: c8b06d658ac11dd3adf75ac046e660367e37e60d95c4e4d5d689353ad511719b

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The critical heuristic firing indicates this Excel file is detected as a Qbot dropper. This suggests the primary attack pattern is to trick the user into enabling macros, which then likely executes embedded code to download and run a secondary payload. The file's metadata and the ClamAV detection strongly support this classification.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.