Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 283f918120fa96ec…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d44d839eca988b1fcaf68327fce263d2
SHA-1: 1e4fa0474a7a595c2468ddcf127dec28f98c7220
SHA-256: 283f918120fa96ec0a3e58043442b588a31f8a8198c36157f299d198c2b968bc
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1204 Malicious Link
  • T1059 Command and Scripting Interpreter

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. As an Excel file, it likely relies on social engineering to trick the user into enabling macros, which would then execute the dropper functionality. The primary attack pattern involves leveraging macro execution to download and run further malicious code.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0