Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e792c405fe5aba28…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e190c52ccaaa277230e72e4350de6ef3
SHA-1: b526bea3f7f6331981e572c0a7c858c89913ecd0
SHA-256: e792c405fe5aba28dc83743b19b451973f919a600f77b3bfc21a1c08d227a915
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. The Excel document format suggests it is likely delivered via a phishing campaign, aiming to trick users into enabling macros to execute the malicious payload. No specific scripts or document body content were extracted, but the heuristic detection is highly reliable for this family.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0