Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f2ea4893195ea898…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 83bfe67309ba999f687508abded8583e
SHA-1: eba683dd15aa3effadf348b4e6e0d42e6da12c6c
SHA-256: f2ea4893195ea898f21f9c3f0d096bfa77b0b01e336c4af8a9bcb148f7398bc8
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of malware typically uses malicious Office documents to trick users into enabling macros, which then download and execute the main Qbot payload. The presence of the Qbot signature suggests a high likelihood of this attack pattern.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0