Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e9f38f03fcc2ed70…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 205a024e8024f9995d5ef01778bbb912
SHA-1: e8721dd540490947c2c5d1b59d6eadc46ed540c6
SHA-256: e9f38f03fcc2ed70e417294e91dd42104d5dbc637eec2a5ac0994d9b317554db
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1204 Malicious File
  • T1059 Command and Scripting Interpreter

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The primary attack pattern is delivery of a malicious payload via an Excel spreadsheet, likely through macro execution or other embedded exploits. Further analysis would be required to determine the exact execution chain and specific IOCs.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0