Qbot Office (OOXML) / .XLSX malware analysis — malicious · 9d0879240368d391

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e16986fc6c19c9723e1c4f779647fb25 SHA-1: d10e06d62ad0fe5503540b6011ad42c3e819c567 SHA-256: 9d0879240368d391fee9ee8da2115b7c3f13b8b0cb6ec0e18ca81f9ceb9cdb18

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. While no VBA or scripts were explicitly extracted, the heuristic suggests the Excel file contains malicious code intended to download and execute a secondary payload, a common Qbot delivery method.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.