Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b70e369606b0ac5c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 06753216e159632117f8e931886de7a9
SHA-1: 17a4c4fae7e25ce2ad83281e49c6fdbf6e4e4a82
SHA-256: b70e369606b0ac5c77d65816610dfc8bc21e01ab199012c79f3705e48d772dc3
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1204 Malicious Link
  • T1059 Command and Scripting Interpreter

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop additional malware. As an Excel file, it likely relies on social engineering to convince the user to enable macros, which would then execute the malicious payload. The primary technique involves tricking the user into running malicious code.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0