Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ac654f5a0f641c7e…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 10d03b65b94744099e7975ea5b654563
SHA-1: 6fc50f9f89c7c19ec6df8d6288e4d7fa7c5851c5
SHA-256: ac654f5a0f641c7e57a8159478e2b07628f27a89e8a50fa0580b42f2b39212ea
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1204 Malicious Link
  • T1059 Command and Scripting Interpreter

The critical heuristic that fired identifies the file as a Qbot dropper, suggesting that its primary purpose is to download and execute a secondary payload. Qbot delivered in this file type (XLSX) often relies on social engineering to trick users into enabling macros, which then initiate the download process. The specific ClamAV detection name provides strong evidence for the family and attack vector.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0