Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1b4ee0bcf68927b9…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d81546aa38904bed8aed7330fe2f3d4d
SHA-1: cfb4f599acc194f2b60a87e84815189f799b9952
SHA-256: 1b4ee0bcf68927b9417c32bb57a743e61d8876761876e179b37c3a8e87aa82b5
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1204 Malicious File Execution

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating that it functions as a dropper. This suggests its primary purpose is to download and execute a further stage of malware, consistent with Qbot family behavior. The specific ClamAV detection name strongly points to this family.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0