Qbot Office (OOXML) / .XLSX malware analysis — malicious · f59f70a4a73e15d2

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ff7094a74856b7efb5d960c2c36fc6b8 SHA-1: 307ce2f621c3c1151b8609fc6e0e18b3d338308c SHA-256: f59f70a4a73e15d26a3d755184bc933e1a066a22e97e56473d61dcd933b2523f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. While no document body or scripts were extracted, the heuristic firing suggests the Excel file contains malicious macros or embedded objects intended to download and execute a secondary payload, a common tactic for Qbot.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.