Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d81b62ec5298ac3f…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d3e0ffcbe142dade8f77b9c51ec72487
SHA-1: c22f354f12137b2d1e7e72bbf54d48c4a8d0a443
SHA-256: d81b62ec5298ac3f8e1b872d6ea297488634f42f8aa6442ceeecacbee536c0e2
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: User Execution

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant designed to deliver a secondary payload. The primary attack vector is likely through social engineering, tricking the user into opening the malicious Excel file, which then executes the dropped malware. The SHA256 hash is included as a primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0