Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f199c2629cac449d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1a134bb0e1d995e5eb4f296453e9da86
SHA-1: 314960fbe9e9717257c1ee090645bafc08535e6c
SHA-256: f199c2629cac449d23f2b1d59f8d00c6c30f1e6f1d518af6999bfbdfd1822b9f
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
  • T1204 Malicious File
  • T1059 Command and Scripting Interpreter

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. The heuristic indicates dropper functionality, likely involving the execution of malicious code or the download of further stages. Because no document body or script content was available, the attack pattern is inferred from the heuristic alone.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0