Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 cb2444c9e281996f…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 62d6999c9467bdf3ab8a10c2e44bf526
SHA-1: 2b5df78b0cc3ef9b711c74c674006fdb0456ac18
SHA-256: cb2444c9e281996f39df9254013aaa9aa0764c1ef6589d919548b6249501b2d8
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1204 Malicious File
  • T1566 Phishing

The critical ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly indicates this Excel file is a dropper for the Qbot banking trojan. Dropper malware typically aims to download and execute a second-stage payload, making this file a likely initial access vector for further compromise.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0