Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 44d9b28e42990058…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f928cc26df29a5fd70a4eafebe3d61e8
SHA-1: 93edba2110521d263958a6a5a24a308f7ef903c4
SHA-256: 44d9b28e4299005893ec7b2215b9ddb067ff4496c484d8add1f35b3ae1e66185
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204.002 Malicious File

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot variant designed to drop a secondary payload. The heuristic that fired suggests the presence of malicious VBA code, which Qbot commonly uses to initiate the download and execution process. The primary attack vector is likely social engineering to convince the user to enable macros.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0