Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a5d9fef7e410f7f4…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1d86a2fec52fe75a43dfc1896a022b26
SHA-1: 2bcd97b30dd062ca8aa05fbb931d3e83fe2d33e6
SHA-256: a5d9fef7e410f7f41788ca7c5615edf8e5a1d886ded345c591ea7ee617c3d0f5
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot banking trojan. While no specific VBA or script content was extracted, the heuristic firing and file type suggest it likely contains malicious macros intended to download and execute a further stage payload, consistent with Qbot's typical behavior.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0