Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f5f9e0cf47ffe39c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9689449ec8a7ded8bb05bb78f789fad9
SHA-1: 2a3cd27758ffe1b84b1ce2b64dfcd949f6c2c096
SHA-256: f5f9e0cf47ffe39c56845f580eb4bf0823fb03b94713f006faaf1e37d72129e4
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary attack pattern is likely spearphishing attachment, aiming to trick users into opening the malicious document and executing its payload. No further details on the specific delivery mechanism or IOCs were extracted from this sample.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0