Qbot Office (OOXML) / .XLSX malware analysis — malicious · 1cab6729687c334f

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: fc0d047441f3d6e955a2397aeacddad7 SHA-1: 6076a5052eb81b2ebb5d35c2c2053e58165f6ac2 SHA-256: 1cab6729687c334f3f2d57133128addd9c8580903a62848c051126b4674751b2

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves tricking the user into opening the spreadsheet, which then executes the embedded malicious payload. No document body or scripts were extracted, but the ClamAV signature is highly indicative of Qbot's typical dropper behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.