Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e52103cdc84cf0e6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2e8496c8bb9e81dac5dab947bea052fb
SHA-1: db890331fd7923b6f80b4ff2dc0e2913cefe092a
SHA-256: e52103cdc84cf0e6b38e016f36ea916a662b6128f2bc7d9cda7fbea8a40ef2a1
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. While no VBA scripts or document body were extracted, the heuristic detection implies the Excel file contains malicious macros or embedded objects intended to download and execute a secondary payload, consistent with Qbot's typical delivery methods.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0