Qbot Office (OOXML) / .XLSX malware analysis — malicious · aac27890245bd1e2

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 38050371e0ef0ff54384e69999a4e43c SHA-1: 20f42225243553fa8092d84e43be29c35494602b SHA-256: aac27890245bd1e2aec2f2723573c27b3fbbc46fa2a74080184f336bf17a1623

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1204 Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely relies on social engineering or exploiting macro vulnerabilities to execute its payload. Further analysis would be needed to confirm the exact execution method and payload delivery.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.