Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c2a9cd264df7a462…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 34fb697bfb20f81ec0f6646f302f52c3
SHA-1: cc962e650bc8d4dc6ad67ec51f61596e35c0ed61
SHA-256: c2a9cd264df7a462745e0d17229602b092cd04e64d25d041aa213a84b98aa61e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. As an Excel file, it likely uses macros or other embedded content to initiate the malicious payload, fitting the pattern of spearphishing attachments. The primary IOC is the file's SHA256 hash.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0