Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1a3448bd1c6f3497…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3e8b171843287e7e930f739a81af8286
SHA-1: 5ea94c2be8849beb63ec01402f970070864cf0ee
SHA-256: 1a3448bd1c6f3497e4aa76aaf7c1c70b4e2688c64dcdf110a6cf12579c8c95f9
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a dropper for the Qbot banking trojan. No specific VBA or script content was extracted, but the detection suggests that the Excel file contains malicious macros or embedded objects intended to download and execute a secondary payload, a common Qbot delivery method.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0