Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 80f89babf93ed347…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6679afe9786ee0981896687a7d2e7613
SHA-1: 3347150acab089fc12dacf6fd365f3567d0694e2
SHA-256: 80f89babf93ed3471847c04e3171617b613b3b27aae1a4e70971d83da03385f7
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The file type is an Excel spreadsheet, a common format for delivering malicious macros. The primary attack pattern is likely spearphishing attachment, aiming to trick users into opening the document and enabling macros to download and execute the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0