Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c9e2adab56cba4db…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d474c4906a3570c64eee94bc3236df6c
SHA-1: 5deafdfff3487790ba27f0a128fa1125b426fb98
SHA-256: c9e2adab56cba4db3685334d5254b2500de31a5c1db79c1e0468b49d76c61e60
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop additional malware. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious payload. The primary function is to download and execute a second-stage payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0