Qbot Office (OOXML) / .XLSX malware analysis — malicious · e5fa635a99bf7660

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 1a377e5cec86af8755f28dce78112ba2 SHA-1: ae75f0ea33e84fd8c79bfff5af5c3142b1a2f5fa SHA-256: e5fa635a99bf7660258b1fed7382fc8a717cd27e68f30cd5973cf3a08934dc13

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File Execution T1566 Phishing

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to act as a dropper. The primary function is to download and execute a secondary payload, a common tactic for Qbot to infect systems. The lack of further script or body content necessitates relying on the heuristic detection for the assessment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.