Qbot Office (OOXML) / .XLSX malware analysis — malicious · ea441ad99f311379

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e32dfb7655c4ad31e532cf775b28e9de SHA-1: 7ff87206535e0af1d5c78d9af96e26d26f353609 SHA-256: ea441ad99f311379dba733eb57ce2b2f0e6be4614b0633227b8f90bb7d41e781

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0'. This heuristic strongly suggests the file is a dropper, intended to download and execute a secondary malicious payload. The Qbot family is known for its dropper capabilities, often delivered via spearphishing attachments.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.