Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2dce8b617548a9fc…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: 8f63088df83ba49bad2de1732a07143c SHA-1: 878bf79a07fdc58144c0656e07df736d3b8e20bf SHA-256: 2dce8b617548a9fc1075169c969633264e0273eb936c812c4f7dbb6ef099430f
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it leverages malicious macros or embedded content within the Excel file to initiate the infection chain, likely by downloading and executing a secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.