Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f412eb0f2a63c989…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 14ff9d3cab9092a99c79ca3a4c4e7e35
SHA-1: d9f3673a0697d882990abad9573924ca4c4ab2e1
SHA-256: f412eb0f2a63c98925a1a7a05525f6d4f43c822eed84ddfbbf3c5325eacdebb5
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop and execute a malicious payload. As an Excel document, it likely relies on macro execution or an embedded exploit to achieve this. Further analysis would be required to confirm the exact execution chain.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0