Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b76a8328426f6e60…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 0ad08b05124da691077bf99d81b64de7
SHA-1: b4970cc4189217a4bed62c21a23c89627dfdd5ff
SHA-256: b76a8328426f6e606ea19525270c0af058594d1a49052f24c7c97e28539ac776
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. This type of malware is typically delivered via malicious Office documents and is used to download and execute further stages of the infection chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0