Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ea3755c5c68e50e8…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 72740502f90261d750f27941f4cfc433
SHA-1: b5254b07084496616479ff0b1be2b51adcb37df4
SHA-256: ea3755c5c68e50e81dd362e3b3aeef858d977da9c55824626329067e169dade1
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to act as a dropper. The presence of macro-related heuristics indicates it likely uses Visual Basic for Applications to execute its malicious payload, which is consistent with Qbot's typical behavior of downloading and running further stages. The SHA-256 hash is included as a primary IOC.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0