Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 84063d8efbcb0543…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 35ebf1758021460218066eca3cbc541d
SHA-1: 379382bfc143f290418b6bdaabd9316d46752652
SHA-256: 84063d8efbcb05439d67622337668617afd2c9fd0b26807a91ebceae0678b5b9
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant used for dropping secondary payloads. As an Excel document, it likely employs macro execution or other embedded exploits to achieve its malicious objective. The SHA256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0