Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ef4f98bc01b1b7bf…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 84ac69abf64bb130c3c0f3aec6f1cef7
SHA-1: c9fbc22e6b4fbdc16e5092b1b9ca5ca4f7c9ccf2
SHA-256: ef4f98bc01b1b7bfbd3b530317c2b0bcd01d61027ddbb6c5d84a93928c1b6027
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as a Qbot dropper. This suggests the document's primary purpose is to download and execute the Qbot malware. The specific ClamAV detection name provides strong evidence for the family and attack pattern.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0