Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e7670997241ebdc3…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c64d6ccf249ee3e2f7245440064d43c8
SHA-1: 39c6b6c95e31888b87709f2752b743b665543fc8
SHA-256: e7670997241ebdc3da36e2bf973e9a319442a9e2424980febdaa76af08e9caa2
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests a Qbot variant used to drop malicious payloads. As an Excel document, it likely relies on macro execution to do so, consistent with common Qbot delivery methods. The SHA-256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0