Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 88e1309cc7574dfe…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8e4fa44d65257909773b4cc5c96cdb21
SHA-1: c82db904c1644ea66502a47f08bfdd31c9d88508
SHA-256: 88e1309cc7574dfeb45040a5638754ed97ec6220932afae488637bc4129cc6a8
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. As an Excel file, it likely uses macros or other embedded content to initiate the malicious execution chain, fitting the pattern of spearphishing attachments used to deliver malware. The primary IOC is the file's SHA256 hash.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0