Qbot Office (OOXML) / .XLSX malware analysis — malicious · 4c6456829219be01

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ba8aee71c63186895be57cb85f6996d2 SHA-1: dff02acd5092a3cb48c82ce1ddcfbba7d40ac3bc SHA-256: 4c6456829219be0107aea273f3fc352324651ef236af71b9c6634403242152f6

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to act as a dropper. The primary function is to download and execute a secondary stage payload, a common tactic for Qbot. The SHA256 hash is included as a primary IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.