Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 57647edc4e2edb7a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 94489d7ad45606cf877da3b5533ff1b1
SHA-1: 9fc4287e11c13658e684a3e29e4064e02d073dba
SHA-256: 57647edc4e2edb7aac8d16c014a9b5572c68e12e122ba679784f87b74f613661
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The critical ClamAV heuristic identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. This type of file typically relies on social engineering within the document to trick the user into enabling macros, which then execute to download and run the secondary payload. The presence of Qbot indicators suggests a focus on information theft and banking trojan capabilities.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0