Qbot Office (OOXML) / .XLSX malware analysis — malicious · 9fe947851595c00b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 25fe057532860519c771572c0e57a105 SHA-1: f1e5c0f674a36121ae031a2309014af12838532e SHA-256: 9fe947851595c00bc850da711eea87a96721699f8cb8e7504eb2306c362d7d11

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves tricking the user into opening the malicious Excel file, which then executes the embedded payload. Further analysis of the dropped payload would reveal additional TTPs.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.