Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9a459c5366aa484e…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3b6fa088bd1bd15333324987a12f0732
SHA-1: eb2461d889563650dde527c9019307149eba5898
SHA-256: 9a459c5366aa484ee7bebcb9ed6ad7534803196840e933c44b3b8d6b1387a8cd
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic identifies this XLSX file as a dropper for Qbot, a known banking trojan. Qbot is typically delivered via phishing emails with malicious attachments that aim to download and execute further stages of malware on the victim's system. The file's metadata and detection name strongly suggest this malicious intent.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0