Qbot Office (OOXML) / .XLSX malware analysis — malicious · ea9d331387742c62

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 578abf3943f86ae06d614eb6ba8b9c65 SHA-1: cab895eb508d4e9cc01a31b586d925badfee2bae SHA-256: ea9d331387742c621e35a8367e1c6ac209c74ade7f8e1d5a72cc40f3b3261d50

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop further malicious payloads. The SHA256 hash is included as a primary indicator of compromise. The detection points to a phishing attack using a malicious Excel attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.