Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4c7bd95c72846836…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4742bd5efe87638b86d962fce61e9961
SHA-1: 2af2ec8cd4912f5fadf9f23f9ea78b0208d4b3b9
SHA-256: 4c7bd95c728468363d07da72aa07180c453860d1115c68912b4f183e4e740b7e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. While no specific VBA or script content was extracted, the heuristic firing suggests the Excel file contains malicious macros or embedded objects intended to download and execute a secondary payload, consistent with Qbot's typical delivery methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0