Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a9295631bca1cdc3…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5df336ba6dfb23782ca24fd39c888d47
SHA-1: 9a5291561935908c67e577e51e813263a08da099
SHA-256: a9295631bca1cdc3f26df10a2665a7e510bbc63d121824e7e51e1c300218e8fb
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to deliver a secondary payload. While no specific VBA or script content was extracted, the heuristic firing suggests the document likely contains malicious macros or exploits to achieve its dropper functionality. The SHA256 hash is provided as a primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0