Qbot Office (OOXML) / .XLSX malware analysis — malicious · c3c3d0ae938831e7

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 923ccff39cecb929b7c958bb1358690c SHA-1: 59c04f4b201f2122aa4e365b404b7c3013adda38 SHA-256: c3c3d0ae938831e73c6d35664730c59a796876b9e565351201b6e28faf9b9c5e

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. While no document body or scripts were extracted, the heuristic firing is sufficient to infer that this Excel file likely contains malicious macros or embedded objects intended to download and execute a secondary payload, consistent with Qbot's typical behavior.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.