Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4ae1e7459b279bf1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 96965206e983d9e9cefaec12fa89b610
SHA-1: 95dcdf2897ae6400ef644a2a4478c285d3cf00bf
SHA-256: 4ae1e7459b279bf1733b4eed027de5db70e1ad6648da81985f2b7753ccbe4c3f
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. As an Excel document, it likely uses macro execution or exploits to deliver the Qbot payload. The primary attack pattern involves tricking the user into enabling macros or exploiting a vulnerability to execute malicious code.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0