Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9d9b1c6483fa8e17…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8e5499f61b7965423ecb96101454ced9
SHA-1: e0b53668597718e95f6b600cda9bcca47ebb3d73
SHA-256: 9d9b1c6483fa8e1751d2deb749475d023cf19cc75b276b1f01eeb1471b2ca75f
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204.002 Malicious File

The file is an Excel spreadsheet that ClamAV detects as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot variant designed to drop a secondary payload. The detection name suggests it relies on macro execution to do so. The primary attack vector is likely social engineering that convinces the user to enable macros, leading to the execution of malicious code.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0