Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d370af0030b25ae2…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: 828a8a9ef5cf5cf3710e1bb47b2d887a SHA-1: bb206d1f19b5c16ad878a0f3e4c9bb8e4eec00fb SHA-256: d370af0030b25ae259dcbd31d5f5553f60334da9c38ae84f833f8c52ac756d8d
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to initiate the infection chain. Further analysis of the document's content and any embedded scripts would be necessary to detail the exact execution method.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.