Qbot Office (OOXML) / .XLSX malware analysis — malicious · ace8ae9eaf302dec

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: c9eca104d156aaec255fbda4169a3d12 SHA-1: 5afe53fb517cccb0ac416efd40312772a964ea64 SHA-256: ace8ae9eaf302deccb9902b1ea75abbb893ec9887c47c548a508aa8714f8153a

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses social engineering within an Excel document to trick the user into enabling macros, which then download and execute the Qbot malware. The SHA256 hash is included as a primary IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.