Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 dd105d3475d0e3e9…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2de0d7da75b2775368cad4514d7643b2
SHA-1: 03b0d0b537b304494a2bb478a58bb44662c81b47
SHA-256: dd105d3475d0e3e95d62c7dbe47db2c3dc42398d67ff263ecce36775e4bac347
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant used for dropping secondary payloads. The Office (OOXML) file type indicates it likely uses macros or other embedded content to achieve its malicious objective. The SHA-256 hash is included as a primary IOC.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0