Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 238e09f5b1f76648…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 531d5d75ab1bf20735f10e1d3f119522
SHA-1: 22125fef98b1cfb7f4d0a35f37bba61e56855d51
SHA-256: 238e09f5b1f766482597232ed276d428af57180797006ff93df0dad6ec3bf5c8
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1204 Malicious File
  • T1059 Command and Scripting Interpreter

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves tricking the user into opening the malicious Excel file, which then executes the embedded payload. No document body or scripts were extracted, but the ClamAV signature is sufficient for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0