Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ced61724599a12a3…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: be38ed346cc83a168eb1dd27becd6b91
SHA-1: 25f2a7f143664096450fcce3bba20af1e04b33f0
SHA-256: ced61724599a12a35028891c7c26b325dcf4086deaf02eeeb3024ef57d174d52
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop further malicious payloads. As an Excel document, it likely employs social engineering or exploits to trick the user into enabling macros, which then execute the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0