Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c5d704bb5323ec34…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2910556fe7ed4006a1c5a231b55e7fd4
SHA-1: e9467b639eda51251a235bc3c18ab37a92ed732d
SHA-256: c5d704bb5323ec3475152fa03ec77c206b1034814c5aabd724bdf57e3970fcd9
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic specifically flags it as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. No document body, scripts, or URLs were extracted for further analysis, but the detection name is highly indicative of the malware family and its function.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0