Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c727ee0332010f1e…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2fecce6f0775ef7bfcde4b1cfbde3a9c
SHA-1: 6c65be19392ea141b6a8542eaa6578b40be0bf45
SHA-256: c727ee0332010f1e6fb52b5e55bcf374a4e8b48ffd7954d1e2cabc2f6f43f0a4
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious Link

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting a Qbot family infection. The primary attack vector is likely social engineering to trick the user into enabling macros, which would then execute malicious code. This code is expected to download and run a secondary payload, consistent with Qbot's typical behavior.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0