Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 dfa8e79ed3eca3f0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a1f987c36686fdd0c9bf7b164fac5187
SHA-1: 30d211ffbb59ebc64c91458dcee58a11c6fee353
SHA-256: dfa8e79ed3eca3f07222b2f8a915d63c9e78d2b5b23058a26c3df12b2b2cbb15
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The document's purpose is to exploit vulnerabilities or trick the user into executing malicious code, leading to the download and execution of the Qbot malware. The SHA-256 hash is provided as a primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (severity: critical; heuristic: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0