Qbot Office (OOXML) / .XLSX malware analysis — malicious · b9d3001aa784a612

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 9a86ed7d8db09529d99ef0c31f12e63b SHA-1: 406e67955712ea61abad6cc22aab0a94133acb34 SHA-256: b9d3001aa784a612a8e3c037f32757b175b3dae89ebb59d2ab03399278ad026c

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File Execution T1566 Phishing

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening a malicious Excel file, which then executes a payload to download further malware. The specific detection name indicates a high likelihood of Qbot family involvement.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.