Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8bec6587ce12dab7…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: 6c2e30f649ff691630d1a808da44faa7
SHA-1: 4ed4f14798c4b31ef1745c05e4b8bf8ed0baf3ec
SHA-256: 8bec6587ce12dab71195702e29801669469541d05ed59766b153bd8450758d92

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The file is an Excel spreadsheet that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. The primary attack pattern involves macros within the spreadsheet that execute the malicious payload. Detailing the exact execution chain would require further analysis of the macro code.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0