Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 7f670d29e8798a6b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5aef283a3114252020dd88bf33aa2880
SHA-1: 45b44f35fed9c24321086a4060ae1b5c435094d7
SHA-256: 7f670d29e8798a6b810a484a9f0efcbef46a17a81159d5e19deaf49ea6cde1c8
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot dropper. This suggests the Excel file is designed either to trick users into enabling macros or to exploit vulnerabilities, in order to download and execute the Qbot malware. The SHA-256 hash is included as a primary indicator.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0