Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ff07e9e041e43a3a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 921e54533a127d6efa5f54e6bf5bbf36
SHA-1: 93d86b9b234f5d4563ca16fecfe550883899b82e
SHA-256: ff07e9e041e43a3a1023c94a6e3c3a99286dba0bad8f8e6def14ed2d6e9fbbc0
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant used for dropping secondary payloads. As an Excel document, it likely employs macro execution or exploits to achieve this, fitting the pattern of spearphishing attachments leading to further infection. The primary IOC is the file's SHA256 hash.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0