Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f2accee41112bb79…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: b5d0714568890b75b95afbd8a038fe23 SHA-1: 51782092132e4fe73add2a72dde8480a1cd931eb SHA-256: f2accee41112bb7921994292e77a9b7503b5b54b0d6749f5490d3d9f5f1e5115
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. While no document body or scripts were extracted, the heuristic firing is sufficient to infer that this Excel file likely contains malicious macros or embedded objects intended to download and execute a secondary payload, consistent with Qbot's typical distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.