Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e0174a8a2473952f…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5947340a2e0f3d31fc3b0e46dd695bc8
SHA-1: beaad3937cd2eb3eab222a827612a697fb9e625f
SHA-256: e0174a8a2473952fd029bab7e1227a02b26625363a0c3f18a2be0da922219d05
Risk Score: 60

Malware Insights

Qbot · confidence 90%

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant. Such documents typically rely on social engineering to trick users into enabling macros, which then execute malicious code. The primary technique observed is the use of VBA to initiate the malicious chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0