Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d8a4bfb70e1819b5…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3f543fbf0a169667c32efb2fc99fe8d7
SHA-1: d69511cbd02a57fac60f55afd6af3d15559aa768
SHA-256: d8a4bfb70e1819b568dd03ede66bc30e13f0434a3006444a1a9fd9f1dd8c1881
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user to open the malicious spreadsheet, which then executes the embedded payload. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0