Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 263f85b3e1f3dfb8…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: 47ac9053f01aa137ca0ab63265626344
SHA-1: 2dd3bd6f23275c67dce9ed064b9bc1cb3313dfa0
SHA-256: 263f85b3e1f3dfb862774adf69df51e61184e82d586b6d778a8ed84c619ebc06
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The file's nature as an Excel document suggests it was likely delivered via spearphishing, aiming to trick the user into enabling macros or otherwise executing the embedded malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0