Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e863077ab9cbbbd5…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2db1d95ac666b8a813783b3e51c678dd
SHA-1: 1d5f575b2da47318b22f9ffc11df7eb3f0e3480d
SHA-256: e863077ab9cbbbd59aadd9d1b9cf47e48e43b6d7692cfd7409923dd3594505f6
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as a Qbot dropper, indicating its primary function is to deliver the Qbot malware. The heuristic firing strongly suggests the document contains malicious macro code intended to execute the payload. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0