Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f24daedad32aa1b0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5aa6a20fceeac2775b138bf6aca1e6bd
SHA-1: 0f86029f7588aaaeb77730b29ea10bd8b6eda201
SHA-256: f24daedad32aa1b07081dbd396806295a5de814f9bdc1a8079830c2f72c4a5b8
60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Such documents typically rely on social engineering to trick users into enabling macros, which then download and execute the Qbot malware. No further IOCs were extracted from this sample.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0