Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c3800bb010cb759a…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 794f9b4c24dc50e40ffe2af6db901673
SHA-1: b4451e50b6b85d083f70f88d6a5f9fdcbc3dc9f3
SHA-256: c3800bb010cb759a28893d3515302cbe65c6dbd8df4d6adc2d61ab241e9851d2
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to initiate the infection chain. No VBA or scripts were extracted, but the heuristic indicates a payload download and execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0