Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d7f808c6f3ffcd6e…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2aec72730060ba9d30ebdf221b8be7ee
SHA-1: b7a35f031342eb88869ffc788f7904a3a77a3d63
SHA-256: d7f808c6f3ffcd6eca065ef942e2df388793925811de09fa1af4e953d0b47ca2
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1204 Malicious File
  • T1059 Command and Scripting Interpreter

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its nature as a dropper for the Qbot malware family. The primary function appears to be the execution of malicious code, likely leading to the download and installation of further malware. The detection signature itself serves as a key indicator of compromise.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0