Qbot Office (OOXML) / .XLSX malware analysis — malicious · d6c2268c749e7347

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0669de8847f48bbb383ad075f3d434b4 SHA-1: 1c41a9f3ee762fb5b2c5d0933a438ce16559e7ce SHA-256: d6c2268c749e73476c49a42de433b3eb44af2e2a5a880f90fd843b4c6c1ed928

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses malicious macros to download and execute the main Qbot payload. The presence of this specific ClamAV signature provides high confidence in the Qbot family attribution and its dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.