Qbot Office (OOXML) / .XLSX malware analysis — malicious · 44bbd36047fb497e

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 89cc94883260547f66537c140a167447 SHA-1: e796a9feaefd80460808b89e11f005bd841c941e SHA-256: 44bbd36047fb497e0d1c0e0f6e7b6efdab0943b7b44855e806f61f53a45adbee

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a dropper for the Qbot banking trojan. While no VBA or scripts were explicitly extracted, the heuristic firing suggests the presence of malicious code within the Excel document, likely designed to download and execute a secondary payload. This aligns with common Qbot distribution methods.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.