Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c735c6283ae6803d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 300d06e4ee1941630a797e776dd62f81
SHA-1: d9998c5aa760ef58e2966be72008326ee107c736
SHA-256: c735c6283ae6803df7d21b6bfb0c24e0c02ad53adcb236cf4258f2806e3deda6
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot family dropper. This type of document typically relies on social engineering to trick users into enabling macros, which then download and execute the secondary Qbot payload. The SHA256 hash is provided as a primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0