Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d32c7fcb3af77a8d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 962467f2da833f1fb6dce2bf55465696
SHA-1: b81616a8b51cc5bd265dff201beb19dbe85239bb
SHA-256: d32c7fcb3af77a8d8b99fb053a9089571fbda752b0e898a145f402c280d8c770
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests a Qbot-family dropper. This type of malware typically relies on social engineering within the document to trick users into enabling macros, which then download and execute the main payload. The file's structure as an Excel document further supports this delivery method.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0