Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fe0b195c33ee8d60…

MALICIOUS

Office (OOXML) / .XLSX

File size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: f4898439435855a8e978129f24790a26
SHA-1: e1c7401f529035721aa4002391a041a66fa994b8
SHA-256: fe0b195c33ee8d6052cb480a9293408519927e26ab3b80da8fd42d1f6d6a6f46

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The Excel format suggests it was likely delivered via spearphishing, aiming to trick the user into enabling macros to execute the malicious payload. No document body or scripts were extracted, but the ClamAV signature is sufficient for attribution.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0