Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b4730eacf17f02be…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7e8b9271ca55bef5b9a1b7f6fba5d57c
SHA-1: 886deb14ebeb7f2493be39fe2c1dc69f0b0e3285
SHA-256: b4730eacf17f02be7b1a5a5b51f7e7a6d2b50e775df0f7b7d1151255fc990f91
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot dropper. This type of malware is typically delivered via malicious Office documents and is designed to download and execute further malicious payloads on the victim's system. The SHA256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0