Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f10e6c864f04e316…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b457d044bbd003d6578f8c58ffc3c905
SHA-1: 0229c99e4c4cfd74fd76b0293f2f3801dec36b84
SHA-256: f10e6c864f04e316226ceeb6c588c8878eb681c06a5617cb88a283a0a009e4da
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1059 Command and Scripting Interpreter
  • T1204 User Execution

The ClamAV heuristic explicitly identifies this file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. The file's nature as an Office document with a malicious verdict implies it relies on social engineering to trick the user into enabling macros, which would then initiate the download and execution of the Qbot malware. The SHA256 hash is included as a primary indicator.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0