Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d17896bd82912da5…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f2abf870bfbfc96de63c0c5c007d4f26
SHA-1: 8309a1a3d0bdf55f81b9e07f1cb0f99688da2b8b
SHA-256: d17896bd82912da56c6a807b268497802434443924bd986643c0c32052798484
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user to open the malicious attachment, which then executes the embedded payload. No VBA or scripts were extracted, but the ClamAV signature is sufficient for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0