Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ed0ee5bfbed806e7…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 0c5a0f673cc2e34116bbdb29f5246ae5
SHA-1: 0420416731cb3d158c20a95ab3a1b983a3cf80ee
SHA-256: ed0ee5bfbed806e70bcccdeb476e424e1601b7541bd6731acf070bc400897409
60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. While no specific scripts or document body content were extracted, the heuristic detection indicates the primary purpose is to facilitate the execution of malicious code, likely by downloading a further stage from a remote source.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0