Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2ca78b2df0eebd1a…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: ddddff27737d786dfd47507c736fbb19 SHA-1: ea8027326fb1bf46a872aeb4028681d8a294182e SHA-256: 2ca78b2df0eebd1a56ffaae7844ba5c36d78403e256f48ae6437f11aa195e07d
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper document. While no specific VBA or JavaScript was extracted, the heuristic firing suggests the Excel file's primary purpose is to execute malicious code, likely leading to Qbot malware infection.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.