Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f1f49ff73d949156…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: b75bfff3c98807a0ad8ee4a1213e1917 SHA-1: 76a538c3c5b1e9be25be7cc8d823f76ce52e3d12 SHA-256: f1f49ff73d94915616ebe81ef4b9251d2b47cf9a547685a7ba189aa808dcc627
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to deliver the initial payload. Further analysis would be required to determine the exact execution chain and any network indicators.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.