Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9a7670d7a7375ff5…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9505e932180e537d64cb02a010eabae9
SHA-1: ed913b04e9428391ee4285355d221201a64d4f9e
SHA-256: 9a7670d7a7375ff5d1689b6faea9958bed674cca036fc1a80ea93d6cb5e89cf7
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it is a Qbot variant used for dropping secondary payloads. The Office (OOXML) file type indicates it likely uses macros or other embedded content to achieve its malicious objective. The primary IOC is the file's SHA-256 hash.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0