Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f4c4f46d9b537e2b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 90a5457a78a217910a671dc4a702eccb
SHA-1: 50a658def4a69877830785de06ccee0d3cc2afde
SHA-256: f4c4f46d9b537e2b3444d68d31315e3c6f025033d9caaff4e7613d20defa5487
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV flags as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. Although no specific VBA or script content was extracted, the heuristic hit is sufficient to attribute the likely attack pattern and family. The primary function is presumed to be downloading and executing a Qbot payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0