Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9b2b8a2498dce263…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c9c1048cac5b6a88ba9d03ea34fbeb1a
SHA-1: f45b6b4460e0672c2cb73d6552e936bf030ac898
SHA-256: 9b2b8a2498dce2636010d4ed0e0cb40067614f098656bb689916abf9250346a5
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to drop a secondary payload. The file's nature as an Excel document suggests it was likely delivered via spearphishing, and its purpose is to execute the dropped malware. The SHA256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0