Qbot Office (OOXML) / .XLSX malware analysis — malicious · bacf17c3305dbcdc

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: de17012641418895ab9992f37d285223 SHA-1: 5d4b78317e3caf6601b46e09bfeccd36223b79e5 SHA-256: bacf17c3305dbcdcd1ecd9bcfa3081374e56e288880b74e7e5f4a05d4ed6d5f4

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely uses macro execution or an embedded exploit to deliver its payload. The primary function is to download and execute a secondary-stage malicious file.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.