Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ce6ebdeeb7e0dbbf…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8dbef22864e906d4fed0b881acf01894
SHA-1: c80a5d8976fc7376cae01a3c90deb784f25146d9
SHA-256: ce6ebdeeb7e0dbbfa268e3b3bf5b32998d7e380372ffa5f25a745ebdd1cb4edb
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary function of such documents is to trick users into enabling macros, or to exploit vulnerabilities, in order to download and execute the Qbot malware. The SHA256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0