Qbot Office (OOXML) / .XLSX malware analysis — malicious · d12ade34f5604e87

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: cd6d059342c55628a0d5173fdd78fa92 SHA-1: 5c87875a64d02434af04585ef8ca04d5dfcdc1ee SHA-256: d12ade34f5604e873b476416b4b7de71b4c7230e9ea06e968348de910cf71492

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution

The file is an Excel document identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a Qbot dropper. This suggests the primary attack pattern involves tricking the user into opening the document, which then executes the embedded malicious payload. The specific Qbot variant and its delivery mechanism are strongly implied by the heuristic detection.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.