Qbot Office (OOXML) / .XLSX malware analysis — malicious · ae8e18a1aa0fa732

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 6d30e93e9cd98bd902db87c37d2fd3d7 SHA-1: 0846b2c0619e456ce7bc2a71d58dadc8da0454fe SHA-256: ae8e18a1aa0fa732f0db58a9644c8204925f140e465c97b4b049d5798747fb15

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File Execution T1566 Phishing T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious payload. The primary IOC is the file's SHA256 hash.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.