Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 939df8d085246bf2…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d4a6ea3bae7aba9272bf21a853e782cb
SHA-1: 2677404e2e3a5d7769d95351be1dcb2ab810a477
SHA-256: 939df8d085246bf2fa1013028fd0ca08e0362538f2cc746f81bf0d262bd545f0
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel spreadsheet. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. The file's metadata and verdict further support its malicious nature.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0