Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 40983e52b876455e…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: 408e3e77b7b5a0c3b8a81f11e562be75
SHA-1: 855147e1aad98893b68d9c610d9146ceb814b73d
SHA-256: 40983e52b876455e84a96f6c735aadca5c6207e73bacd77883fe042ea096d1a1

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204.002 Malicious File

The critical ClamAV heuristic directly identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The file's nature as an Excel spreadsheet suggests it relies on social engineering to trick users into enabling macros, which would then initiate the download and execution of the Qbot payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0