Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 dde0da5082a978be…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4fcdbd7bc4bab73c4373ffe7dd065cbb
SHA-1: e4ea0e68e3dcab4ef9004e3b4e389acaf4e39e76
SHA-256: dde0da5082a978be7bec574bad21cb9d7f64d9799f086eb886242a4bfc759912
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot family dropper. The detection suggests the Excel file's primary purpose is to download and execute a second-stage payload. The SHA-256 hash is included as a primary IOC.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0