Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a98f7fa873438012…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: bb7f9cb0162e6745a0b83bb4fc65c092 SHA-1: de04fa4df08ffd36871a07dd9647966e9f9db0f9 SHA-256: a98f7fa87343801236458a7bf3c63d47b2e0a19bd3dd35802f6c0ba536ff00d7
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1204.002 Malicious File

The critical ClamAV heuristic firing, 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicates this is a Qbot variant designed to drop a malicious payload. The file type being an Excel spreadsheet suggests a macro-based execution flow, common for Qbot droppers. The primary goal is to trick the user into enabling macros to initiate the download and execution of further malicious content.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.