Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b9834308f52c42f4…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: c9ebabd4461fde39f849bfd6089c0e62 SHA-1: 6234c71f3bbc3b4e92935cc6b645588ed740ea58 SHA-256: b9834308f52c42f41eefab03ae261dc6bd2ef3d76dea71605d9c99bf7157c37f
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses malicious macros or exploits within the spreadsheet to download and execute the main Qbot malware. The primary attack vector is likely spearphishing attachment.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.