Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 577619cea88395fe…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f005d3989b0e4d2ded0affb383ceedb0
SHA-1: f3b37131d1aafb377805f62ff542d10c4970ac20
SHA-256: 577619cea88395fe47f66de049f9399bd7fd37acb722266501a88abc7057ee9c
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1204 Malicious File

The critical ClamAV heuristic that fired, 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggests that this Excel file is a dropper for the Qbot malware family. Droppers are designed to download and execute secondary malicious payloads. The file's metadata indicates it is an older Excel format, but the detection signature points to a current threat.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0