Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fb998d202e73e840…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f5a9034a3a5e45aa1ba3969e99446995
SHA-1: 9c402e2260ce63661a2ea99808d8b2e3ac3c2dba
SHA-256: fb998d202e73e84072b8bd0356a28b096af993162cb83239d3cdc84955d1db1b
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses macros to download and execute the main Qbot payload, which falls under the spearphishing attachment technique. The heuristic that fired is rated critical and points directly to the Qbot family.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0