Qbot Office (OOXML) / .XLSX malware analysis — malicious · 22a68f5f57b13374

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 070e82e01c22b8a10b5c15d917917481 SHA-1: 444b419117c38413df92f45d8f8027f9da615556 SHA-256: 22a68f5f57b1337486953e1f0e47e0c1fa0dc8237c811f91ab0aceaad6337552

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File T1059 Command and Scripting Interpreter

The critical ClamAV heuristic identifies the file as a Qbot dropper, strongly suggesting its purpose is to download and execute a secondary malicious payload. The file's metadata indicates it is an Excel spreadsheet, a common delivery vector for Qbot. Further analysis would be required to identify specific IOCs related to the payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.