Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 5313fb9de2c5175c…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 84e12dddba4524088c39b09740983544
SHA-1: 7fa56e2b7867f084b023cb78db5f922b612e946f
SHA-256: 5313fb9de2c5175c13fe4876df57c3cd4a75f252fbdcb7701fffddf0bfc873b0
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant used for dropping other malware. As an Excel document, it likely relies on macro execution or an embedded exploit to initiate its malicious activity. The primary goal is to download and execute a further stage payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0