Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4acc369208d37d6a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 73e916806647f904e0ea5e5c79837e9f
SHA-1: 2869a67eb065ce08bd17ae222c7369cabdb7ce8e
SHA-256: 4acc369208d37d6a29e7a1fe87a19c988c2195ffc669b830d5395ee1e202253c
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves luring the user to open the malicious attachment, which then executes the embedded payload. Further analysis would be required to determine the exact execution chain and specific IOCs.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0