Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fb9a0ae94c0c47bf…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: aeae174eeaaf56e6cfea0ab8888add3c
SHA-1: ca801dfad05d8c4332898cebb3118373db6937fe
SHA-256: fb9a0ae94c0c47bf7b5a6b5cf40fe669242863a082eb1b9a30edd0b36c9cf026
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204.002 Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The primary attack vector involves tricking the user into enabling macros within the Excel document. Once enabled, the macro likely executes code to download and run a secondary malicious payload, consistent with Qbot's typical distribution methods.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0