Qbot Office (OOXML) / .XLSX malware analysis — malicious · 7dccf751433e7191

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: af406ecc6623e07426943ec2a4cf5178 SHA-1: 992b4e1c9292472aa6703b72f87368f59342862e SHA-256: 7dccf751433e71914dc80bca52181fd55ee2b9dc750ca23b3d501fcdbfa10671

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File Execution T1566 Phishing

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop additional malware. The Excel format and the 'dropper' classification indicate a likely phishing or social engineering lure to trick users into executing the malicious content, which then downloads and runs a second-stage payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.