Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b600d7018b54b294…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 26fe0e813c89f72a55bcbff8566fcb81
SHA-1: b25cb62288cad154753fe30a17a260a594a44b9f
SHA-256: b600d7018b54b294d6e4ea6a8fac20bf440ea3007b326d93d9e874ca155d33b8
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening the malicious spreadsheet, which then executes the embedded payload. This aligns with common Qbot distribution methods.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0