Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c1e85648562e7139…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: af67bd2ea933f02c6886164085709782 SHA-1: dd1caacc44886fb4b5ea7c27d398275c1647b6fe SHA-256: c1e85648562e7139fa87e69b54880337b1f57a5a37494fcee530c50be5835b11
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating a Qbot family infection. As an Excel document, it likely employs social engineering to trick the user into enabling macros, which then execute the malicious payload. The SHA256 hash is included as a primary indicator of compromise.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.