Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4ebbb94bd8ffcd0f…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e9c4f94b3d834ad5e1c4a8dbab82afb1
SHA-1: 36db02701979bd2bda228b444fd0cc92c244e7a5
SHA-256: 4ebbb94bd8ffcd0fe293c65f8ca674351038522ccae123c49942110c26818b07
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary function of such files is to execute malicious code, typically by leveraging macros or exploits, to download and install the Qbot malware. Further analysis would be required to identify specific execution vectors or payloads.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0