Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 20fa68fdaa40b548…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7cb6ac20c6597a122277e225a6b7ae79
SHA-1: d25b3b555a6fa87228ca9db97d0d7e2e71a070fe
SHA-256: 20fa68fdaa40b54807f2a9f69a0902c0657f7752b1e8aabbd12b16d17027378d
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening the malicious spreadsheet, which then executes the embedded payload. No VBA or scripts were extracted, but the ClamAV detection is highly specific.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0