Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a0d98753b81199d6…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6a469fb8a78fbdf644736dcc63c6547d
SHA-1: 211c5f7aa3fdad47de7686563b0391e57bfe8821
SHA-256: a0d98753b81199d6bd60ac3448613284f4a57f88aa7a4598d425446629f92947
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. As an Excel file, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious code. No VBA or scripts were explicitly extracted, but the ClamAV signature indicates dropper functionality.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0