Qbot Office (OOXML) / .XLSX malware analysis — malicious · c48c5ad83c001e7e

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 1a14b346499bcefaa6aac9bbf78c620d SHA-1: 2ef665ffdcb689a9e1bf262a3b720f91c9ff9328 SHA-256: c48c5ad83c001e7e8bab33e6386f8e73e683126c5cac1e126fd501d098b4333f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot family dropper. The Excel format suggests it was delivered via spearphishing, likely to entice the user to enable macros which would then execute the Qbot payload. The SHA256 hash is included as a primary indicator.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.