Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fe7a823d7b9469bc…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 50bea1ace001538feb709059343974ad
SHA-1: cb8cffe760379ea96942f832a921025d123ea268
SHA-256: fe7a823d7b9469bc9545568beea69cdc2084f87b177cf8a82d7692bbc014d90d
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot downloader. While no specific payload URLs or execution scripts were extracted, the detection signature points to a malicious dropper designed to fetch and run additional malware. The file's metadata suggests it is an older Excel document, potentially leveraging an exploit or social engineering to deliver its payload.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0