Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ac5096b886118900…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: 48ab87c707d466f7e7c385627b0a438a
SHA-1: da5f8ca1d95b1d9de7734219223337d0b8379cbe
SHA-256: ac5096b886118900f8dd28b7fbacc82b3cf8824039f2ee4b4e124cc81e456b78

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious Code

The critical ClamAV heuristic identifies this Excel file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a dropper for the Qbot banking trojan. Because the file is an Office document, this suggests it relies on social engineering or macro execution to deliver its payload. The SHA-256 hash is included as a primary indicator of compromise.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0