Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 dd5937ae069129c5…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: bac6466ab8ea4cbad8b39adb876639c3
SHA-1: 119bf791647e02c2be0048322204c8a86e591d66
SHA-256: dd5937ae069129c5c2711096ddc89bd7432f25132cd8d32031e0f5b21e27ac19
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1204 Malicious File

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. The primary attack pattern involves tricking the user into opening the document, which then executes the embedded malicious payload. No further IOCs were extracted from the provided evidence.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0