Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9c65895098705822…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6ab6f7e260ab0dfe2332f9c4675b4b36
SHA-1: 590c17dbf3c26c5069a8648dace4bf8f731afb6a
SHA-256: 9c65895098705822555c0a8dd39644546b731762db48e36066e528765ceb5078
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. While no specific VBA or script content was extracted, the heuristic firing suggests the Excel file contains malicious macros or embedded objects intended to download and execute a secondary payload, consistent with Qbot's typical delivery methods.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0