Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 81628919db7ab5cd…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 0722749d74a7fd0fbb854b7d9af84111
SHA-1: 3afb4a3f74ff5a309c08fcf310f0df85609c3759
SHA-256: 81628919db7ab5cd7aa4fe71448a3c5e45c69ffcd92b0cee378857d5ba0df109
Risk Score: 60

Malware Insights

Qbot · confidence 95%

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. The Excel format indicates a likely macro-based execution path, leveraging VBA to initiate the malicious activity. The primary goal is to trick the user into enabling macros to facilitate the download and execution of further malware.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0