Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 990226f9d797fc9d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a071d85d359ef928a5d3c900c2ec213e
SHA-1: 42105fad9dea9dad7fa709e7e13ea0a6e160917a
SHA-256: 990226f9d797fc9da59286eef269ceab3dd28d2f2cd087b7741f9790d7edae5e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1204 Malicious Link
  • T1059 Command and Scripting Interpreter

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot malware family. The primary function appears to be the execution of a malicious payload, likely downloaded from an external source, which is characteristic of Qbot's distribution methods. Further analysis of the document's content and any embedded scripts would be necessary to detail the exact execution chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0