Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 77c61ea33288c328…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 70ad06d3a489ab1854b35c8200a7fe33
SHA-1: 350bb5639d1a9a90b4883cd80acdc06a3d907cb5
SHA-256: 77c61ea33288c328604b6b0f7f0eb1d0ef61d654cce74ff5c3f09a751c44f41b
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot family dropper. The Excel format suggests it's likely delivered via spearphishing, aiming to trick the user into enabling macros to execute the malicious payload. The SHA256 hash is included as a primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0