Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3d1b48420da42ebe…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f78e9ab3c2af1ca5af9d74654d6a0576
SHA-1: d7604ed9c60de67e25e4e89ef086fb6a4077d3ea
SHA-256: 3d1b48420da42ebee576406920ab9d577104de23621d6d1707800048bef6ab55
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to deliver the initial stage of the infection. Further analysis would be required to determine the exact execution chain and any network indicators.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0