Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f512d696b8eb7fc4…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e8a8c7d63ec8a8f628897c37a2fc231a
SHA-1: 74143f969ae5b04678384d384139bc99bad6d223
SHA-256: f512d696b8eb7fc41b33062ddf871c78ce8302c8d3ced7c4c3c032d4497e3789
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a dropper for the Qbot malware family. The presence of this specific detection signature suggests the Excel file's primary purpose is to facilitate the download and execution of additional malicious components.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0