Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ab632a0015f32c28…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 31f45ff74203e77013340c6f7990c77c
SHA-1: d6e32b148860d21d9399091d374724350c9a9572
SHA-256: ab632a0015f32c2893962b537cf2f8589f6970f664505c2564528048709a61f7
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves luring the user to open the malicious spreadsheet, which then executes the embedded payload. The SHA256 hash is included as a primary indicator of compromise.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0