Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 eebd08b843bed5f5…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: bd79950c98cddc80c25a5fcef6704caf
SHA-1: ac8eaaf5faee68f5723be9e888bf1d72f7e54543
SHA-256: eebd08b843bed5f567fcfa4d7034fe0ec365594b749943b44e07b15eeb4ed4ae
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses malicious macros or embedded exploits to download and execute the main Qbot payload. The presence of this specific ClamAV signature is sufficient evidence for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0