Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 216c49cd46cd90ad…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 382ab959aaac622e055ec21f7f449e8a
SHA-1: 2d860cf9ca497d14c081d701b2ce6a780a9ee995
SHA-256: 216c49cd46cd90ad2df921b7b159aed4fed379c53b83c8a42e44015ae631cc3c
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The CLAMAV_DETECTION heuristic flags it as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating that it functions as a Qbot dropper. The file's metadata records Microsoft Excel 14.0300 as the authoring application and a creation date in 2006; the old date does not preclude the file's use in modern attacks.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0