Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c301dc279e9ca799…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 200da3b788fa2925bf62490b7b0f9657
SHA-1: 9080eb402287be27ee7f0cf06e20fe8bcd493231
SHA-256: c301dc279e9ca799d87562ee9479add289c24a64f36bd93d35439004dd4d3491
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant used for delivering malicious payloads. The file's nature as an Excel spreadsheet suggests it was likely delivered via spearphishing, aiming to trick users into opening it and triggering the malicious execution. The SHA256 hash is provided as a primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0