Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a7131493f88b3e03…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 400fad945ff982b7233f626402a8eee7
SHA-1: 3062ec17bcfc999f430b5adbf15899832367bdab
SHA-256: a7131493f88b3e036cc9ee2df50da3d0d1151f073ae001242a18cf20cdb162ee
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. While no VBA or scripts were explicitly extracted, the detection signature implies the presence of malicious code within the Excel file, likely designed to download and execute a secondary payload. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0