Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8bcef7e59b51cfb7

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 4ae5e42e881b1b74bfc5f61998933e6f SHA-1: e168ea2a24074296fe9f871f2472145ed2a698b5 SHA-256: 8bcef7e59b51cfb7130635fb230c695c5288db23c7a9dbfd967f420f0d2a48ff

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File Execution T1566 Phishing

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic specifically flags it as 'Xls.Dropper.QbotDocu', indicating a Qbot variant designed to drop and execute a payload. The file's nature as a dropper suggests it is part of a multi-stage attack, likely initiated through phishing.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.