Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ee7e8f42729a8803…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a08772cf9287a3594c53a2e80a87d94b
SHA-1: 99482d66b9b61722534c24b6586a0cdc08b3879c
SHA-256: ee7e8f42729a8803abf4ad8e9c98670e2b537b756d156b58b2ed7876b4f4c8bf
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely through macro execution, to download and install further stages of the Qbot infection chain. This aligns with common phishing tactics where malicious documents are delivered as attachments.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0