Qbot Office (OOXML) / .XLSX malware analysis — malicious · f4efa0926a2822e3

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7ef4a84fae3f733c89255c1445708968 SHA-1: 1b2e015e8b6dcad9c5653d79e76d59ac069940d8 SHA-256: f4efa0926a2822e3c10001ebd56b0e68b3ac257ea517b3ae13e138df5d0d4f69

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant used for dropping secondary payloads. The file's structure as an Excel document suggests it is delivered via spearphishing, likely exploiting macro execution to initiate the infection chain. The primary IOC is the file's SHA256 hash.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.