Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9a739dfa8bf92a22…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: e8128eb3884f9aa30650935a04c57ce8 SHA-1: b99f464bf80293f7da845bc8d3b6e56ad0241288 SHA-256: 9a739dfa8bf92a225a00d87e35e299812c17e7558274a051ffea10ef0df7bb38
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of document typically uses social engineering to trick the user into enabling macros, which then download and execute the Qbot malware. No specific IOCs were extracted from this sample beyond the detection signature.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.