Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 db6bc236b27c92a0…

MALICIOUS

Office (OOXML) / .XLSX

  • Size: 23.6 KB
  • Created: 2006-09-16 00:00:00 UTC
  • Authoring application: Microsoft Excel 14.0300
  • MD5: f41fedb859f1eb5665fba74df2c07f27
  • SHA-1: de0da046913fae512efbba6e09cca9f0df9bec6f
  • SHA-256: db6bc236b27c92a02ac96f2e0542a36fdaab4fbcf95a190a6d580dcd59f7e2f8

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

ClamAV identifies the file as Xls.Dropper.QbotDocu12020-9818439-0, indicating that it functions as a dropper for the Qbot malware family. As an Excel document, it likely employs social engineering or exploits to trick the user into enabling macros, which then execute the malicious payload. The SHA-256 hash is included as a primary indicator of compromise.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0