Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 31d439148030b0f6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1fdfe32b96bc950cc753dbd7de231ffd
SHA-1: c51c93a5e981ba5890af4114259d07f23b3c8fc2
SHA-256: 31d439148030b0f667d839296b05fa789e8ebca631114ff365bf25ace1fce2b5
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop and execute a malicious payload. As an Excel document, it likely relies on macro execution or an embedded exploit to achieve this. Further analysis of the payload would be required to identify specific IOCs.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0