Qbot Office (OOXML) / .XLSX malware analysis — malicious · a3d07a0169b51d29

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: c9dc1f30f6e2753b56b7882ae0ccc6bd SHA-1: c50b49b99a37e10cd1c8b707ec2b9f65b333fefd SHA-256: a3d07a0169b51d296f2dff441af1410ec765f25dd99f52685fa1b22609905a5f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File T1059 Command and Scripting Interpreter

The file is identified by ClamAV as a Qbot dropper, indicating its primary function is to download and execute a secondary malicious payload. The heuristic firing directly points to Qbot malware, suggesting a common attack pattern for this family. Further analysis would be required to identify the specific payload and its associated IOCs.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.