Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2b2244b0291e3c2b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9ccae6fe5a2bb621fee43606f22707eb
SHA-1: 1d97f537b23c4bf3ecfc428253489d1e6259242c
SHA-256: 2b2244b0291e3c2b3739272326c54ac3b99534e327facc16592d2950020c6adb
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user to open the malicious spreadsheet, which then executes its payload. No scripts or document body were extracted, but the heuristic detection is highly specific.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0