Qbot Office (OOXML) / .XLSX malware analysis — malicious · 91918a1168585f80

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7e32cea747c8e32d7b9a91a3e4798eca SHA-1: 5c9ae2603c0ce6116c7fe40588e54d294c5a1712 SHA-256: 91918a1168585f80274915b23b362965f94c8217188804509d428547ab143702

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File T1204.002 Malicious File: User Execution

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot malware family. The primary function is likely to execute a malicious payload upon user interaction, leveraging the dropper capabilities to facilitate further infection stages.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.