Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 abb9d484fb18e10a…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: b736f6c28b8ec99e1ec4bf890a7d923a SHA-1: f06642b883dc5ebe0bd8db8cd5f5bee53b098201 SHA-256: abb9d484fb18e10aca5de5293a4754cfbec014e040072a1842f949d6c8ed104e
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious payload. The primary IOC is the file's SHA256 hash.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.