Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f4d9b1e936506220…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7696b461873e0002e1a6cfba57eceec8
SHA-1: 03ace96d2a5c98b26ed31af92bb3cfb704168b85
SHA-256: f4d9b1e9365062208f2f31521f28822c6b57230f21aace0d8b795d0f78b81172
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to deliver the initial payload. The document's purpose is to download and execute a secondary-stage malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0