Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8ed8a8e9edcb98b7

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 002c02ce1ceaa29b98c8753f4c237c79 SHA-1: 9b00cd260c8959a307c69fc3a1068f75719171e4 SHA-256: 8ed8a8e9edcb98b72f5a15cfc66d041cf3b24eedfc934b64b67691bfd9fcabc0

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which would then execute the Qbot payload. The SHA256 hash is included as a primary IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.