Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d8b14fccf7118ff1…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: bed0f6b38820b73f5788b2acdae978df
SHA-1: 899aef69ca1f5aeb21e86adfa01cc0cf598020f9
SHA-256: d8b14fccf7118ff1d1b75585c103eeb318bafe3cb2f04e10bf1582e92f271733
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant designed to drop a secondary payload. As an Excel file, it likely relies on social engineering to trick the user into enabling macros, which would then initiate the download and execution of the malicious content.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0