Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fb66fa46dd5b17f7…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: cbd907f5e05dfb83ba89813a836f03a1
SHA-1: 36689f901abb70f05b5a79303a256d843c02ef2c
SHA-256: fb66fa46dd5b17f7c8476aa0af2c95891259edd6d43c83a8265098ae70287988
60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot downloader. While no specific malicious content, such as VBA or external URLs, was extracted, the detection signature itself indicates that the file's purpose is to drop and execute the Qbot malware. Further analysis would be needed to confirm the exact delivery mechanism.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0