Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d5c005ac4fcafd98…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f3313cbc5089ef0c04ddb9c1b20a35e8
SHA-1: fb3fed4830ab2627d7485442ed03ed37c525dea6
SHA-256: d5c005ac4fcafd983253ca876a3d16ef8b6227bcab8b8895036cffac55516871
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic identifies this XLSX file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a Qbot downloader. Qbot is known for downloading and executing additional malware stages, often involving banking trojans or ransomware. The file's metadata lists Microsoft Excel as the authoring application; Excel documents are a common vector for macro-enabled malicious documents.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0