Qbot Office (OOXML) / .XLSX malware analysis — malicious · a8a19d865b03d123

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e714147661890b0a48a12139219cc819 SHA-1: de0ef2e75b0b57aa38af3e601f3daa4581c0ac9f SHA-256: a8a19d865b03d1233d677924c8e22cd8ef6b15e2f33a408912d7ad26dc0c4a7e

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution T1566 Phishing

The critical heuristic firing from ClamAV directly identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot family dropper. The file's nature as an Excel document suggests it relies on social engineering or user interaction to execute its payload, aligning with phishing and malicious file execution tactics. The SHA256 hash is included as a primary IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.