Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 95992f32815d8773…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5ae5634cfccd5c599a5a05e8b64d2f0f
SHA-1: f28c8e7272cf775886d61e0ddbfee1ae9982e6d9
SHA-256: 95992f32815d87733a6fcef6080979c581529f94ada9df8d726b498a5221198a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The critical ClamAV heuristic identifies this file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot dropper. This type of document typically relies on social engineering to trick the user into enabling macros, which then execute the malicious payload. The file's purpose is to download and run a second-stage Qbot component.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0