Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ae75e906391524e7…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9bb10f23b960d6f283be3da4b795dcd5
SHA-1: cfffdfa1f3e8383ca7eb758fc2029ffac19378a3
SHA-256: ae75e906391524e738f7df871b12342dccf87fd08c4a166a5ecda8c057f6aa26
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly indicates this XLSX file is a Qbot dropper. Qbot droppers are typically used to download and execute further stages of malware, often through malicious macros or exploits within the document. The file's metadata and verdict further support its malicious nature.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0