Qbot Office (OOXML) / .XLSX malware analysis — malicious · a35c5f1879f29f9d

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 53891d5b388cefa20a0a7fd55c59718a SHA-1: ab67ea6c11c2b5a7e5a9711333346fa658162da6 SHA-256: a35c5f1879f29f9d9bbab9bbb964cbef21da031d1bd7c3cc1df75757eec1543c

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot banking trojan. The detection name suggests it leverages Excel macros to initiate the malicious execution chain, likely downloading and running a further stage payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.