Qbot Office (OOXML) / .XLSX malware analysis — malicious · ce98ea0509c28f3e

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 4d3087e9fcb71ef2a2ae74031da6dddd SHA-1: 48948b24637846b8fd3a8a2c58699c9653cb8a8a SHA-256: ce98ea0509c28f3e67c774ad5c342b27bfd73471ac9d75de46e22ff6988a1165

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1204 Malicious File Execution

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves the execution of this malicious document, which is designed to download and run a secondary payload. Further analysis of the payload's behavior is required to detail the full attack chain.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.