Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 fa39b00a9344762c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: db615445bc97a48fb95c7af4eb7fb4f0
SHA-1: 60c5711f565093e7ec2a8ffcc113dbd501f694d0
SHA-256: fa39b00a9344762c75de86180d7fa0b96656cf37f1a409333147ae51b78b006f
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection suggests the Excel file is designed to execute malicious code, likely through macro execution, to download and install the primary Qbot payload. No document body or scripts were extracted, but the heuristic is highly specific.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0