Qbot Office (OOXML) / .XLSX malware analysis — malicious · ddd7cfac3a808906

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 18d5c6f66f3ec4f5a9c48e32822a1156 SHA-1: d60d7b848b61329505bd1782a01ac7ca8b5d6a19 SHA-256: ddd7cfac3a808906297a90ab999f039d112dd5578ec909635f1c5e4731b75ac5

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This heuristic strongly suggests the document's purpose is to act as a dropper for a Qbot payload. The file type and detection name indicate a macro-enabled Excel document likely used for initial infection via spearphishing.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.