Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 7d37b29bb0dfc234…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 53cde3f6c177e2253c9ffcf660c3c360
SHA-1: ea5ce491c9329fad0527dd76e953fb0dd228e549
SHA-256: 7d37b29bb0dfc23478d5922c44e70d3219dcc88506f84dc493c2abff41ce8fc1
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. While no VBA or scripts were explicitly extracted, the detection name implies the Excel file contains malicious macros or embedded objects intended to download and execute a secondary payload, a common Qbot delivery method.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0