Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 bffe0ebd69272d81…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8807bfd170a171655e51df4e054b7023
SHA-1: 235b0604d4c26e784c05a8a7cd65fcb238953946
SHA-256: bffe0ebd69272d813e448f59dca8a9306c30d35db4a2ff686e1ae5f69b203617
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it is a Qbot variant designed to drop additional malware. Its primary function appears to be to serve as the initial infection vector, likely using social engineering within the Excel document itself to trick the user into enabling macros or interacting with malicious content.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0