Qbot Office (OOXML) / .XLSX malware analysis — malicious · a28f957e0bff0d2c

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 49e222dc2492b96b026a7bd30a10657d SHA-1: 50899a8995865e09e5372cf2eb4346b77d0eb631 SHA-256: a28f957e0bff0d2c2a6bbf8394ce061a4f88207cb7a1601366245254d9845a99

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File Execution T1566 Phishing

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop and execute a malicious payload. The presence of VBA macros, though not explicitly detailed in the provided heuristics, is typical for Qbot droppers to initiate the infection chain. The SHA256 hash is included as a primary indicator.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.