Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3ed2561b5e871dc9…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: 6f51df8faba6fe0ac8d3ed403fc3f2b4 SHA-1: a81c3f25f96bfb751fe3d652a57b372747a5a179 SHA-256: 3ed2561b5e871dc95a3c622a70ef4c034fcd32a5dc9adc961851c934065526a7
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204 Malicious File Execution

The critical ClamAV heuristic firing, 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicates this Excel file functions as a dropper for the Qbot malware. While no specific execution vectors or URLs were extracted, the detection signature itself is sufficient to attribute the file's purpose as malicious payload delivery.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.