Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e6a90662e87dc412…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a136935e1391b398ecae62fc50a8bc9b
SHA-1: 892bc9724d0e8780aaff591ceecd344437b2822c
SHA-256: e6a90662e87dc412efc7f089475d1996b1ff0e5e898f36b1275d3d0310239269
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. While no document body or scripts were extracted, the heuristic detection implies the Excel file contains malicious macros or embedded objects intended to download and execute a secondary payload, consistent with Qbot's typical delivery methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0