Qbot Office (OOXML) / .XLSX malware analysis — malicious · af9c73e892405432

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0b030f20269184943590b6af94a4fe7e SHA-1: 807bbd7ae39df438b5a977b3b9906fa1140b85c6 SHA-256: af9c73e892405432cd0966a5a74ce0d370d1cec10aff21c04617e0c1399058ae

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely relies on macro execution or an embedded exploit to deliver its payload. Further analysis would be needed to confirm the exact execution method and identify specific IOCs.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.