Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 bbe4995b9d3412cb…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8de512fa352886784ebf255ec52bfa73
SHA-1: a901a17f01f91f7b4cbaea2d411e442b8e7bb2f5
SHA-256: bbe4995b9d3412cb0b9180f3569f5b4dd009688b78e2825274f3de3ed7aa6b2d
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1204 Malicious Link
  • T1059 Command and Scripting Interpreter

The critical ClamAV heuristic identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting Qbot family involvement. As an Excel dropper, it likely relies on social engineering to trick users into enabling macros, which would then execute a payload. The primary function is to download and run a secondary stage.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0