Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4d746301fa85d7d0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 33bf7437bc1300e6118c77677b7dee95
SHA-1: 43e729afb6bbf965dab45ccd6966b0cc97324696
SHA-256: 4d746301fa85d7d012cfc970f9632955b22c85cc6e843e77370a87764fd2f0b7
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 User Execution: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. As an Excel document, it likely uses macro execution or exploits to deliver the Qbot payload. The primary attack vector is likely spearphishing, with the user being tricked into opening the malicious attachment.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0