Qbot Office (OOXML) / .XLSX malware analysis — malicious · 81536f59b532e83b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 91b48d184b2697aed8d7b29177e835ec SHA-1: 77892f9e4cbcc95671109a32376ac174baad6531 SHA-256: 81536f59b532e83b0b2a9daf7e4589f9bd8e2ff7f24a96fb76c2bb0042812008

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1059 Command and Scripting Interpreter

The file is an Excel macro-enabled document identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, a known Qbot variant. This type of dropper typically executes embedded macros to download and run a second-stage payload, indicating a malicious intent to compromise the user's system.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.