Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 883a3a10e1d7cde5…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: a01457b241346505565822b0eefc64f7
SHA-1: a6d1323c9d22576ce682fc02127c8a60142741c3
SHA-256: 883a3a10e1d7cde5ef11a2c20377aff1f4386099306148750d66748874fb0959

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204.002 Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. The presence of macro-related heuristics indicates the likely execution path involves user interaction to enable macros, leading to the download and execution of the actual malware. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0