Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 bbab567cf7169cfb…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2e0dee91e981a0a143aa931aedf04ef7
SHA-1: ab176b930899da8c4013038ece9ff5661f4b1854
SHA-256: bbab567cf7169cfb528f56c824d2f7f0cfa0a6e231f0d6d6e60a124f2381ade3
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot variant used for dropping malicious payloads. The Office (OOXML) file type suggests it likely uses macros or other embedded content to achieve its objective. The SHA-256 hash is provided as a primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0