Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 39f788e0bafb0acd…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e00e877a8ee43e1be086057dc74e28dc
SHA-1: 777954f07daab02a15472623ee6c040210a6cc16
SHA-256: 39f788e0bafb0acdab078f7142f11e47beb7519b04781569eaeb82b5270c4087
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it exploits vulnerabilities within Excel documents to deliver its malicious payload. This pattern is consistent with spearphishing attachments used to initiate malware infections.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0