Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3eb96324873284d4…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3afd7723f0eaaed0dd65664f7b3e4560
SHA-1: 6ae0264b8fb8670d3a2a19c2ebd13b30a2dab9ca
SHA-256: 3eb96324873284d40b02427a507209ee034cdaa1686f2c73498dd2ab841eb8ca
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a dropper for the Qbot malware family. No VBA macros or document body text were extracted, but the heuristic match alone is sufficient to infer that the Excel file likely contains malicious macros or exploits that download and execute a secondary payload, consistent with Qbot's typical behavior.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0