Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ddaf6a591a32a986…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: c841510a33f1c2f49a4886c8aac3e6b0
SHA-1: f1850055db403e0cf1356218755ab26cc94600d3
SHA-256: ddaf6a591a32a9860ad55b4594fe6810e6b84e83dab1374e7097c94541ad4db3

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a Qbot dropper. Documents of this type typically use macros to download and execute the main Qbot payload. The heuristic that fired is rated critical, which gives high confidence in both the Qbot family attribution and the dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0