Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e52985d03b6e21a0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5ea4d4bc1f75e676e319e8dac95606fe
SHA-1: 1161af0d907383b9cf510713add69d11e9a34f4f
SHA-256: e52985d03b6e21a0275dd45fb4d54b76a9c1e69c147eb89cb06c894fac53bc9a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a dropper for the Qbot malware family. The primary attack pattern involves tricking the user into opening the malicious Excel file, which then executes the embedded payload. Further analysis of the payload's behavior would be required to detail specific execution techniques.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0