Qbot Office (OOXML) / .XLSX malware analysis — malicious · 26b8638c509d0923

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f5607b46f03e436573d0a738bebfdf8e SHA-1: 48acb328e0d2618062e49a269384b7cace0250b6 SHA-256: 26b8638c509d092334d4805944da81e504d58abb7e1d4ea4198c40bba61cf267

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a dropper for the Qbot malware family. The primary attack pattern involves tricking the user into executing malicious content within the Excel file, which then downloads and runs a secondary payload. This is a common delivery method for Qbot.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.