Qbot Office (OOXML) / .XLSX malware analysis — malicious · 3b88e4323f10523e

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 1a7458f004e7664942770934d2408581 SHA-1: ea08658fb644e4e681bb3a1e9dbef5b4031f697f SHA-256: 3b88e4323f10523ed2209411f31462b1cee6eaf5afc2e0a6aa3794b775557594

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The presence of macro-related heuristics, though not explicitly detailed here, is typical for Qbot delivery via malicious Office documents. This suggests the document likely exploits user interaction to download and execute the secondary Qbot payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.