Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4f4a2c8ffc282b49…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ef47269b0f067214d0ee7d5e4d41c0de
SHA-1: 9afd220328ad0f1cb7a091389ff27fb2ac68efe0
SHA-256: 4f4a2c8ffc282b49ffa2b83050bee9f472a130658a24809644a2ffb49b55ab0a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves tricking the user into opening the malicious Excel file, which then executes the embedded payload. Further analysis of the payload's behavior is required to detail the execution chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0