Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 89895d8b52c79bc6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c569fc420da3b7ab92ed6cc6cd204b2f
SHA-1: ccea804f9664c1fb73aed1a1d466f67dc3e3e30f
SHA-256: 89895d8b52c79bc6daf0d4d368aacd6aa256a89a13e9ba1251673da4f319fa3d
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: User Execution

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating a Qbot family infection. As an Excel document, it likely employs social engineering to trick the user into enabling macros, which then execute the Qbot payload. The primary IOC is the file's SHA256 hash.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0