Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9e50511ec164222b…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1d816fa754340c60db431d5001ea0759
SHA-1: 05c9f6441cd2757199ee0d18808fc5f82ee267b1
SHA-256: 9e50511ec164222bd899aba5a6bd68e77d00605c649fde0d6fadc2cfc104b321
60 Risk Score

Malware Insights

Qbot · confidence 95%

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. The heuristic firing indicates the presence of malicious VBA code, which is commonly used by Qbot to execute its initial stages. The primary attack pattern involves tricking the user into enabling macros to initiate the infection chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0