Qbot Office (OOXML) / .XLSX malware analysis — malicious · f41a7730bcde6e7d

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 6594d135ce0f1add0223da6d4d82621b SHA-1: dbd0cc55e2719432bd4600b3ebaa3f3355e382cd SHA-256: f41a7730bcde6e7d2bf064b2f53a2159885544239b782450854f4ffaf427f59d

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. As an Excel file, it likely uses macros or other embedded content to initiate the execution of a secondary malicious payload. The specific dropper mechanism is not detailed by the heuristics, but the Qbot family attribution is high confidence.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.