Qbot Office (OOXML) / .XLSX malware analysis — malicious · 39159d05edcf524d

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7e260f163731979a481ccf1471ed031e SHA-1: 0d6df86fc564b4fd4b45b75b06d72d47b1b1fe69 SHA-256: 39159d05edcf524dd448173dc424a1ad1b0ab68bd008dfeefc3a291c04e5fdbd

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot malware family. The primary attack pattern involves luring the user into opening a malicious Excel file that then initiates the download and execution of a further stage payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.