Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 af08158bbdd21dd0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: baf0a495f9bf70bb1f54fce43d739d14
SHA-1: d06ef526cf2998ebf8b18b6670187bcd6c34d876
SHA-256: af08158bbdd21dd04de84d8803c733b271f29f052de3c899487be5a6b54e7ce6
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely uses social engineering or exploits to trick the user into enabling macros, which then execute the malicious payload.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0