Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8c2b9b823ad4b877…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: e46ea801ccce66cf0d8f5498ed4e976d SHA-1: caf047f224ebc34812ea36787239987836132588 SHA-256: 8c2b9b823ad4b87767eae2156d71f049abdb1fba4a2cb61fed7590e024d764f3
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic firing, 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggests this Excel file is a dropper for the Qbot malware family. Its primary function is likely to download and execute a secondary malicious payload. The file's metadata indicates it is an older Excel format, but the detection points to a current threat.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.