Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2d375ec5dbed2427…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b4b80fcba20bf83b7ba5cb198cee9630
SHA-1: b2e0fc6df05a847b7d8307f508bc6f72e9a68a2a
SHA-256: 2d375ec5dbed2427aa9c61488a23846bb2c7f5e1e9e193ea37ca10e78337739e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a dropper for the Qbot malware family. The primary attack pattern involves tricking the user into opening the malicious Excel file, which then executes the embedded payload. Further analysis would be required to determine the exact execution chain and specific IOCs.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0