Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e013a4a823ff1d7f…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: ab7f2b68753dd01bc8539cf1e67639f1 SHA-1: c03fe9bd1571a532f78044a3acf407bee3f513ca SHA-256: e013a4a823ff1d7fbd64b787e63ad0bf9811a9031a0cce1c5d72920c4876050d
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. The primary attack pattern involves luring the user into opening the malicious document, which then executes the embedded malware. No further details on the execution chain or specific IOCs were extracted.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.