Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 cb16e4966d815109…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: 986ff7f59c8ab8ad6ef89de804e2f9db
SHA-1: eea2f2f53a641ec0e0ecee9892ab1de610422067
SHA-256: cb16e4966d815109a1b02a0970d31504c27af066b5fe2dda02fb7792e766bae8

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The file type is an Excel spreadsheet, commonly used for delivering malicious macros. The primary attack pattern is likely spearphishing attachment, leading to the execution of the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0