Qbot Office (OOXML) / .XLSX malware analysis — malicious · 3716bae21ab4410f

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 23b3926a104953db798949c33d94eae6 SHA-1: 825aacb8c7307877b204ca2f1cf7f127f577cc74 SHA-256: 3716bae21ab4410f874a59f87794f2e936aa74ce66381109421aa1febfa07916

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant designed to deliver a secondary payload. As an Excel document, it likely uses macro execution or exploits to achieve this, fitting the pattern of spearphishing attachments used for initial access. The primary IOC is the file's SHA256 hash.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.