Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f9bd76621c037d31…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 09712d02576138513c99828782f2d9d9
SHA-1: d217e5ba9f0410077a62dae7c5655a224797ed5f
SHA-256: f9bd76621c037d317940142c54a2093359bffc29ac29c994bbbe20cd588e98dc
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. While no VBA or scripts were explicitly extracted, the heuristic firing suggests the presence of malicious code within the Excel document, likely intended to download and execute a secondary payload. The document's structure and the detection name point towards a phishing or social engineering attack vector.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0