Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9dd0bbc431e23968…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: 34030b77a4444cfbf5692e097cb0ca1c SHA-1: d252415829365a8c0a2ac37c5e39b31b77d61c48 SHA-256: 9dd0bbc431e23968d8a7a134feb3ac395eba2a8d6d652e212c42dfa853b6bfd5
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly suggesting Qbot family involvement. The dropper functionality implies it's designed to download and execute a secondary payload, a common tactic for Qbot. No specific URLs or scripts were extracted, but the detection name and file type point to a macro-enabled malicious document.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.