Qbot Office (OOXML) / .XLSX malware analysis — malicious · 872a9e6e0bc4fa8a

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e9b6bcccd77ef524341e502c1083282a SHA-1: 70472655ef00302f8c19f8b6a6d3edd68f46e342 SHA-256: 872a9e6e0bc4fa8a8c98884eb496d0e46cc78133df5b256135043040107e9bfb

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution T1566 Phishing

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to act as a dropper. The primary function is likely to download and execute a malicious payload, a common tactic for Qbot. The SHA256 hash is included as a primary IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.