Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e7a05b2649da4cdc…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a4414b8b0ead32ab1cb2b891d8fc7f8e
SHA-1: e1755159a5b2d29d97fa4d6eb6adcbcd85454976
SHA-256: e7a05b2649da4cdcadd0c7fb066d055f725f66971ee121055c2b8dabbfdcb81e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file is typically used to lure users into enabling macros, which then download and execute the Qbot malware. The detection signature itself is the primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0