Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 5a1b07fa921ee5b3…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 451012ae165dbf6bd38b888cfb61633a
SHA-1: d34261709909baf3bee2ec13bafc8065d616fe2d
SHA-256: 5a1b07fa921ee5b390758f81e19a223c495b91d070a73695dec63d4f13618d6a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly indicates this Excel file is a dropper for the Qbot banking trojan. Qbot is known to be distributed via malicious Office documents, often using social engineering to trick users into enabling macros. The file's purpose is to download and execute a secondary payload.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0