Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3ff29fee8cdb676c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d6f35bee7a7f13c539509a24aa26bd65
SHA-1: 108d8c046378029e2ebc05a5e3fa747be5f96d02
SHA-256: 3ff29fee8cdb676c28c70b44d240c25fdcec9d94be70b7ebd699310c0f58ce48
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection signature suggests the Excel file is designed to execute malicious code, likely to download and install the Qbot malware onto the victim's system.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0