Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d0ecf5306204ace0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f191000415062258fdb371617c99e7d4
SHA-1: 7ef77adcd36caba312cd197c70c88b5e65c4f25e
SHA-256: d0ecf5306204ace08acda75599926b7788878884e1b06194595add0743b5a487
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting a Qbot family dropper. The nature of such droppers is to trick users into enabling macros to download and execute further stages of the malware. No VBA or scripts were explicitly extracted, but the heuristic firing indicates a malicious macro-based execution flow.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0