Qbot Office (OOXML) / .XLSX malware analysis — malicious · d9ef997445d1aefe

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e2ae8a714b5b7a625903298bf2163340 SHA-1: 2fdea124e3da0043d2828c222acd1533845febdb SHA-256: d9ef997445d1aefecf7e5ecdf9b75ccc6ec64cab8c59748ad0e18d5d897bfd87

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File T1204.002 Malicious File: User Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop and execute a malicious payload. The primary function appears to be the initial infection vector for a Qbot campaign. No further details on the payload or specific execution methods were available in the provided evidence.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.