Qbot Office (OOXML) / .XLSX malware analysis — malicious · 99a83ce7e1adc509

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: c4cdaf7ac85e0f15753414b647ad3f10 SHA-1: 87ae96696bc69a477b69ae585d8d07af47ce4532 SHA-256: 99a83ce7e1adc50917431e819b7042dedf79b21e889220a053e32e99e7be8b9f

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204.002 Malicious File

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it's a Qbot variant. The heuristic indicates a dropper functionality, implying the spreadsheet's primary purpose is to download and execute a malicious payload upon macro enablement. No document body or scripts were extracted, but the detection name itself provides sufficient evidence for this assessment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.