Qbot Office (OOXML) / .XLSX malware analysis — malicious · e45f10cce93c7980

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: bbaed7d629546e2f4f15176dbd77dd4d SHA-1: cfd9e389b70a68479e9e0ea8e625848d5a9ab7b2 SHA-256: e45f10cce93c7980d060d969ad4a7a7c0fed87f080aa5ee5010afe5d1c538dd9

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic identifies this file as Xls.Dropper.QbotDocu, strongly indicating it is a Qbot variant designed to deliver a secondary payload. The file's nature as an Excel document suggests it was likely delivered via spearphishing. No scripts or document body were extracted, but the heuristic is sufficient for attribution.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.