Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 bb4017c06be50b30…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8289921fd02583ff0e8fc10aee3c4943
SHA-1: 45e6f78f31b124d5cb9887e4b62d6d6d702d5174
SHA-256: bb4017c06be50b304d0985e0361b696ee70fd776cfd827d33297229f23686e0e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1204 Malicious File
  • T1566 Phishing

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot family dropper. The Excel format and the dropper nature suggest it's intended to lure the user into enabling macros, which would then execute the Qbot payload. The SHA256 hash is included as a primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0