Qbot Office (OOXML) / .XLSX malware analysis — malicious · a31c91b1afb83dbc

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 2ab5c2ae3d014c21c1c4e1514639cc71 SHA-1: b7aae5de8bbec99947fc8cac2ed741a7f246d832 SHA-256: a31c91b1afb83dbc27b58c685d8ef7a71ea899d6ae66f21efc28d910977c27a0

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. As an Excel document, it likely uses macro execution or an embedded exploit to deliver its payload. The primary IOC is the file's SHA256 hash.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.