Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 440abcf474c1d5ff…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 49226451e6f514fb4fba2ebcd6413026
SHA-1: 04f90bcc3cf3f576a8cfbba63ff18246c4e5b150
SHA-256: 440abcf474c1d5ffd54fef2f7bee156ccc4e43b8f68c7416b04d88ff0ad31032
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it acts as a dropper for the Qbot banking trojan. The Excel format and the detection name indicate a likely phishing attack vector, in which the document prompts the user to enable macros so that the malicious payload executes. No VBA or scripts were explicitly extracted, so the dropper functionality is inferred from the ClamAV detection alone.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0