Qbot Office (OOXML) / .XLSX malware analysis — malicious · fbc972240a660936

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 9600fcb1275d3efd883e98b685cbecdd SHA-1: 607d064e9734cebea80831036d3ab0bbadb66730 SHA-256: fbc972240a660936bc43f2fdee6c77bd55c71f7a17b42488f46de999d0d7752b

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. This type of document typically uses malicious macros to download and execute the main Qbot payload. The presence of VBA macros, though not detailed here, is implied by the dropper classification.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.