Qbot Office (OOXML) / .XLSX malware analysis — malicious · a6d8962bb1dfe280

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 465fd6deeb4dca5695d4f89ccedfc949 SHA-1: ee01284e9025d4fe7c51d0ea4b725cdb6a10274e SHA-256: a6d8962bb1dfe280dc06350c85d7f5f133bdf65510af7953be3da7e13292ba55

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The file is an Excel document, suggesting it is delivered via a phishing attack as a spearphishing attachment. The SHA256 hash is included as a primary indicator.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.