Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9c692434f31daf4c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6e29aac8250b171d948bf50239cabcdd
SHA-1: 83d5b9dd164ef5abaa579cf164849c49781dec31
SHA-256: 9c692434f31daf4c8dd18ad515667e1b8b66969f16981532c3e0e2078b4f6f42
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot family infection. The primary attack pattern is likely spearphishing, where the malicious Excel file is delivered as an attachment to trick users into opening it. The SHA256 hash is included as a primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0