Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c8821a4b82159caa…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: acd4fc43a8440c75a989ce1ac9ed2d81
SHA-1: 46bdd498600200321846036817b3a86ee5808dde
SHA-256: c8821a4b82159caa8783dd6c2fa95c701e71feb040ad7d193fc71d9bb43cb2e2
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests a Qbot variant. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros, which then download and execute the main payload. The heuristic that fired directly indicates dropper functionality.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0