Qbot Office (OOXML) / .XLSX malware analysis — malicious · ab3fc400cd1c6c77

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e483699eb8351e6888037317b863619a SHA-1: 89f7310c84ddf2084bd2b200290f4d7c525f979f SHA-256: ab3fc400cd1c6c779dea8d70b839c456f309999732e1dc11d14d1e3f204cf591

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to download and execute a secondary payload. The Office (OOXML) file type and the detection name suggest a macro-based delivery mechanism, likely involving spearphishing. The SHA256 hash is included as a primary IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.