Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e20587cad94297ce…

MALICIOUS

Office (OOXML) / .XLSX

File size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6e42af0b6fe1e9b371d5c67694885deb
SHA-1: 7f4494af4253f3830cf6a91ae5685ec32de21ae3
SHA-256: e20587cad94297ce138548675784c54369d0a60c2fcc1911e731bead972ed1f5
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware. The primary attack pattern involves luring the user into opening the malicious spreadsheet, which then executes the embedded payload. Further analysis of the spreadsheet's content and any embedded scripts would be necessary to detail the exact execution chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0