Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3553f699e36e0647…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 81bf5cb806ad27fafc4b5609d54a364a
SHA-1: 483762ad7f5508d1885dc3422b8b320bb6557435
SHA-256: 3553f699e36e0647dceab191c94781a088cf7ab11ff03aaef787412ce50859d2
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a dropper for the Qbot malware family. The primary attack pattern involves tricking the user into opening the malicious Excel file, which then executes the embedded payload. No scripts or document body were extracted, but the ClamAV signature is sufficient for attribution.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0