Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 46c037f0317cbaa0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7650dd2d13f7dcc2551add261068f2c2
SHA-1: bb1389ad48584375d5f8e294a3b04be6e61c883b
SHA-256: 46c037f0317cbaa00cbe87aea529ccd07f1e15969071d7a622167c2239a93bfd
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot banking trojan. The primary function of such documents is to lure users into enabling macros, which then execute malicious code to download and run further stages of the infection.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0