Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 7b5f93958feb07fb…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a5c97c1caf4f98c004cf893d8b0d6d4d
SHA-1: 074123fcca496cc5ec2be55c1332d7d9559dad8c
SHA-256: 7b5f93958feb07fb36437f44f2240d90e7a1028802bb78828ce1753cb8e2a302
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a Qbot dropper. Files of this type typically rely on social engineering to get the user to open the document and execute its malicious code, which then downloads and installs the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0