Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d78c5170deba9dde…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e657dc200e23e16d27f692ccf36808e7
SHA-1: a4d56f68e606f855c0115c732a2cb50ffe7e476f
SHA-256: d78c5170deba9dde97805997aed5e14f434a8fccc12985579c7c3d638fac9788
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop further malicious payloads. As an Excel document, it likely employs social engineering or exploits to trick the user into enabling macros or opening malicious content.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0