Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1aa4892a300fcfa1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5181a490f8d22628908e803f46cca20c
SHA-1: 31ef7c36ad36fcc0cf79280b2215c413a08ca2ec
SHA-256: 1aa4892a300fcfa120ad49512dfcf9a5b778c67be96fa8967e7ea01320136551
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper for the Qbot banking trojan. While no VBA or scripts were explicitly extracted, the heuristic strongly suggests the Excel file contains malicious macros or embedded content intended to download and execute a secondary payload, consistent with Qbot's typical delivery methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0