Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3c575f232116591b…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7e90932e03c518837bcf9b4c9d220eac
SHA-1: 63dc4a667143100017f9f51706136202b4d8ae22
SHA-256: 3c575f232116591b3c21f66b2d8e7bf2688379968a599f939f7ea508a6f1acd3
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely relies on social engineering or macro execution to deliver its payload. Further analysis would be needed to confirm the exact execution chain and identify specific IOCs.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0