Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1e2ba0bcec899c9d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5a73d84c25c0a8fe567469988082269f
SHA-1: 7bdf4bca20f0d52abe56993d3d2dfae1c7a88796
SHA-256: 1e2ba0bcec899c9d0c084d1770ba5996131ab47275076e0df7b221d31b4b6831
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating that it functions as a dropper for the Qbot banking trojan. Although no VBA or scripts were explicitly extracted, the heuristic match suggests the Excel document contains malicious code, likely intended to download and execute a secondary payload. This is consistent with Qbot's typical delivery methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0