Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c5b520e03c8b0a19…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 094df8713aa76c70cfa23fa217017269
SHA-1: 44a9bd5e291dd0f13fdea0d77b3beca30fb67b90
SHA-256: c5b520e03c8b0a19657313499626b682727a02a86c6f6984c45effd2758eb255
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. As an Excel document, it likely uses macro execution or exploits to deliver the Qbot payload. The primary attack pattern involves tricking the user into enabling macros or exploiting a vulnerability to initiate the download and execution of the malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0