Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a121221212968f4a…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d5ac6f9395704e77868e33fbf14c57cf
SHA-1: 4be05474ee7442839622ac9d55bb08c59a8bc379
SHA-256: a121221212968f4a04b8357a4d1efedf98d9140924c584cf46a5419286dec9fe
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1059 Command and Scripting Interpreter
  • T1204 Malicious Link

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop additional malware. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute the malicious payload. No specific URLs or scripts were extracted, but the heuristic is highly indicative of Qbot's typical behavior.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0