Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c232ba26f2aea2ae…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ebe8e48d1019c0617998a44935bfc1a1
SHA-1: 5cb759b47fbdaede75ccea0038886182c827a569
SHA-256: c232ba26f2aea2ae6e81e3a2dc5f4c791f0831e2686df0a17386cb112568e76f
60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1204 Malicious File

The file is an Excel document flagged by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper for the Qbot malware family. The primary function is to download and execute a second-stage payload, though specific details are not available from the provided heuristics.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0