Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f3d07f873534bae6…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b5635559a307ad506b279e7e968ed52d
SHA-1: f96ccf5087ba3cfa055592fea09306584eb77036
SHA-256: f3d07f873534bae666dd3e89c419713ed61d2d918c5d06fec37b3736a641ae62
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', a detection name that strongly indicates it functions as a dropper for Qbot. Such documents typically leverage macros to download and execute the main Qbot payload, often with spearphishing as the initial attack vector.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0