Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 316c528b9d23bb92…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 362c0e6b930b56eef8a8fe3c7e17b3e8
SHA-1: add54ceff41cd825ee4c7d581fe103f67970c25a
SHA-256: 316c528b9d23bb92d61e54863654a60322fc6092ddd65ea1fe6dac00d6b627f3
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a dropper for the Qbot banking trojan. Although no VBA or scripts were explicitly extracted, the detection suggests that the Excel file contains malicious macros or embedded objects intended to download and execute a secondary payload, a common Qbot delivery method.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0