Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a1b62868ea03f241…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a5e24e25ebba46d95e9892c878b44aa8
SHA-1: 74544cbb40822d5c6d8cc88378d9db85c816ec5e
SHA-256: a1b62868ea03f24179df8294a0f5d7274bf4cb09ecfcc0a29042192b81d8a0e3
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves luring the user into opening the malicious Excel file, which then executes the embedded payload. Further analysis of the payload's behavior would be required to detail specific execution techniques.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0