Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8657da2d5bbfce89

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 18b0b008ff91b4fc704324e0e751eec4 SHA-1: d7d8dee4f4e3872a28085258a6a95adbeb291100 SHA-256: 8657da2d5bbfce8932d743a838f2c1f8537d5fff3bd4c6c8faf8c0b77dbd6fe0

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of malware typically uses malicious Office documents to lure users into enabling macros, which then download and execute the main payload. The SHA256 hash is included as an IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.