Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 87586f8a1184ea12…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: fc0c0ba6326ee50472ef45a78696b414
SHA-1: 2d7267340384fcc6130a295ba198cb78fbe52611
SHA-256: 87586f8a1184ea12e8996b8dbbfdb1bf76cf581a198aafd3c0ce2423540c8d82
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1204 Malicious File Execution
  • T1566 Phishing

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop and execute a malicious payload. The presence of 'Dropper' in the ClamAV signature indicates its primary function is to download and run additional malware. Further analysis would be required to identify specific execution techniques or payloads.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0