Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 cad112694e734343…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ce186fbfe9e0387c053d0b099f878e7b
SHA-1: 09a7da37ea74a37bb4388fbf8f86f765f30dae08
SHA-256: cad112694e734343ba58d90afa96ba45ebac4c2ec006ded71a564987b2fe0a51
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant used for dropping secondary payloads. The Excel format indicates it likely relies on macro execution or an embedded exploit to initiate the attack chain. The primary IOC is the file's SHA-256 hash.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0