Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ee6e762cef2189fa…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c001dc0cfeceee1e0fe7376b6a8dc19e
SHA-1: 076145b75a87d0d707f2365c1bf6df657588fba6
SHA-256: ee6e762cef2189fa251e2eee86a2a0da5dd1c9a8e8bf3311e5bd83c3f8e01ad3
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel document. This suggests the primary attack pattern is likely spearphishing: the attacker aims to trick users into opening the malicious attachment, leading to the download and execution of the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0