Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fe12d91cfe478b0a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2fdb2ead0114a6aeb5052f6605469098
SHA-1: 9459c6ccd81a8e7cc5dc83451920683500b47a93
SHA-256: fe12d91cfe478b0aaa816b8f1c9725b8339f54a68778366d3b0e3429ad4ce445
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot variant used for delivering secondary payloads. As an Excel document, it likely employs macro execution or other Office exploits to achieve its malicious objective. The SHA256 hash is included as a primary indicator of compromise.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0