Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8d9c51ca78de1bd8…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 98804c97bc2fbe2d903ee2ef9e95ff70
SHA-1: a2f190649d45f3a13df6044fb9bbef46069be3d3
SHA-256: 8d9c51ca78de1bd8bb9df4f8d043356cf1db0540d12e08ba60d333379dbbb18b
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves tricking the user into opening the malicious Excel file, which then executes the embedded payload. No further details on the execution mechanism or specific IOCs were extracted.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0