Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fff767fccd2613bf…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: 9ccb13091698884b8b276f0eae0dab6d SHA-1: d94fb0446a68531fb3a95d79410993cf8ff60de3 SHA-256: fff767fccd2613bf6424fed5587db20d4396c818b72f223833a4681fd90ca6ea
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot malware family. The heuristic firing suggests the Excel document contains malicious content intended to download and execute a further stage of infection. The file's nature as an Office document points towards a phishing or social engineering vector.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.