Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c20308ffa7eb3bc1…

MALICIOUS

Office (OOXML) / .XLSX

File size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 927a92389ac577356add679c8ce1efdc
SHA-1: 822d8d4e2a43508de56e76bf0d518c52b8ac4a2f
SHA-256: c20308ffa7eb3bc17dc6be3a0c7cd95c9753482b96f4db49fce7ac9034b0a8ad
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests a Qbot variant used for dropping malicious payloads. The Office (OOXML) file type and the detection name indicate a macro-enabled document likely used in a phishing attack to deliver malware. The SHA-256 hash is included as a primary IOC.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0