Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e6a6e641dcaba017…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: e63d66a3ebdab75ec675d74d274c852b SHA-1: 158760b7e8daf424ddace53405324cf419984c93 SHA-256: e6a6e641dcaba0177fdfa73740ec2ea1ce45ce0f7de7e68778f75a59f772efc0
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop additional malware. The Excel format and the dropper nature indicate a likely phishing attack vector where the user is tricked into opening the malicious document, which then proceeds to download and execute a secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.