Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3f17b6aef6223ea7…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: 82cef917573bf118e438cab0c4d6aa15 SHA-1: 766ba6b9ff7d4427f484d0d24d10dd097afe0548 SHA-256: 3f17b6aef6223ea74f2a046e2ee4e39fc0c034b8ce0adb3cd572dac1926d493b
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses macros or embedded exploits to download and execute the main Qbot malware. The presence of this specific ClamAV signature is sufficient evidence for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.