Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c00f1f1bc81bd2e2…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: 25502fa7dac8a89d20789e34af7ed047 SHA-1: c701b8b065e724aab385839056db93f7b39f142b SHA-256: c00f1f1bc81bd2e2149efcec7a14e7764d327fbd543f753cc3c5ba3210c3a251
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic firing, 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggests this Excel file is a dropper for the Qbot banking trojan. The file's metadata indicates it is an older Excel document, potentially used in a targeted phishing campaign to deliver the malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.