Qbot Office (OOXML) / .XLSX malware analysis — malicious · e061c9f740a9ed48

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7a10bf6e94538a48d7ebcfa3208cb96b SHA-1: 695379c020246fe0cdb9b473c8a48ae67d2b277e SHA-256: e061c9f740a9ed4871b21856dd6778bfd463703a2f82208df62613f2647b28d0

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot family dropper. This type of document typically relies on social engineering to trick users into enabling macros, which then execute malicious code. The primary function is to download and execute a secondary payload, consistent with Qbot's known behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.