Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ad6955976f44d529…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b604cf31bfed15003b392b50440dbf8a
SHA-1: 4f0e240f76dcb12ea42fe00ca4c95bf0b9cdebe1
SHA-256: ad6955976f44d529759dae5401bd05a168f63872b2e5d51e475daccf82c0bb90
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The document's metadata shows it was created in 2006, which is unusually old for modern Qbot variants, but the detection name is specific. It is likely intended to exploit a vulnerability or trick the user into enabling macros to download and execute the Qbot malware.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0