Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 df7e5d9314e50426…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 977f12260186938ca7bc873d09a2257d
SHA-1: 083cf44bdd73da375d0cab2fc29cf5e407556151
SHA-256: df7e5d9314e5042627c4663a10f2ef5863401d41b6d8282d1f08ac7131f9ef16

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is an Excel document identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating a Qbot infection. The primary attack pattern involves luring the user to open the document, which then likely executes malicious code to download and run the Qbot malware. No VBA or scripts were explicitly extracted, but the heuristic firing is sufficient for attribution.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0