Qbot Office (OOXML) / .XLSX malware analysis — malicious · a025f3fdb65b3c35

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f187c718eb3cffdcd83ce3af337364c6 SHA-1: 74f29ed0e3b7cc7fde02308748411fd24cb5a0d6 SHA-256: a025f3fdb65b3c35d9b6d94f6868aa9014a3584946fe95490d5b728f20ff4983

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper for the Qbot malware. The primary attack pattern involves tricking the user into opening the malicious spreadsheet, which then executes the embedded payload. The SHA256 hash is included as a primary IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.