Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8413e6deb9bfb189

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: c1d77d4c55e4fb008cb7040ccb3c4bb4 SHA-1: 8ce618e5df94e2935d3d2576ff08dcc252ebbae9 SHA-256: 8413e6deb9bfb1897e03ed93aa5b66eb413f1d63ad1417e466528281da69b7ab

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This indicates the Excel document's primary purpose is to act as a dropper for malicious payloads. The detection signature suggests it is designed to download and execute further malware, consistent with Qbot's typical behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.