Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d3b7b7626c9c2a2b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d7d6bf678c4dcedf8322c8c661835371
SHA-1: b8b4601a981d6c5a494788d7a44c6b1d063d4d86
SHA-256: d3b7b7626c9c2a2b132ee77217821a3ae28d26c67dc3083f392b2e9f5f363ba7
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious File Execution
T1059 Command and Scripting Interpreter

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests a Qbot variant used for dropping secondary payloads. Its primary function appears to be executing malicious code, likely through macro or embedded exploit execution, leading to the download and installation of further malware. The SHA-256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0