Qbot Office (OOXML) / .XLSX malware analysis — malicious · cc479ccff8348705

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 2cfedd901179fa05559d7692a5c1b09c SHA-1: ad4f86ac690134435804d5722edc2c16791a4f4d SHA-256: cc479ccff8348705c28247c18531cdfd07b2ec0bddb448bd3f8c70bd3348ba8f

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses social engineering within the document to trick the user into enabling macros, which then download and execute the Qbot malware. The detection name itself suggests a Qbot family association and a dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.