Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 42b5026dd3fbab99…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5be13b68ed2439ea9335362a911ebc53
SHA-1: 498ff664cf75a459018a20d529ec7ee747e632ad
SHA-256: 42b5026dd3fbab991e48ad7f442d17ca0d085cd91eb4927d7ba6461618103167
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. As an Excel file, it likely uses macros or other embedded content to initiate the malicious execution chain, fitting the pattern of spearphishing attachments. The primary IOC is the file's SHA256 hash.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0