Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fa1673c1eea86aca…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a883009aaa47b0c0cb51107c7e455d25
SHA-1: 6eea0b18c93a5489ee7c39b6705627db935e2928
SHA-256: fa1673c1eea86acaeb2f3fc7133c050c3ef8c5dc7d43ae4692f602f74339d541
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

ClamAV identifies the file as Xls.Dropper.QbotDocu12020-9818439-0, which strongly indicates that it is a Qbot variant. As an Excel document, it likely employs social engineering or exploits to trick the user into enabling macros, which then execute the Qbot payload. The SHA-256 hash is included as a primary indicator.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0