Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 43ba8a3c2e0922a0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 66f276861a8a6e37f2eec46ffcad1ac5
SHA-1: a5fc136e60b96f20e0c4304f9ba4f671d658dd7d
SHA-256: 43ba8a3c2e0922a0e94df9578b7497dae06296d22e6c9ee5b72eb76e8ae55ffb
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV detection 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this Excel file acts as a dropper for the Qbot banking trojan. The file's metadata indicates it is an older Excel document, potentially leveraging an older exploit or social engineering to deliver the payload. No further IOCs were extracted from this sample.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0