Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c8e83f3c4c51e8aa…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 694c49a130f988c9360f7c01847134ba
SHA-1: 464a1bc64cfdd5b44d14139456a7dca434acabf8
SHA-256: c8e83f3c4c51e8aac87a0ba07ddaf94408d57f3ba9cf87d4422a196271122b9b
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The critical ClamAV heuristic identifies this Excel file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The file's nature as an Office document suggests it relies on social engineering or user interaction to execute its payload, likely involving the download and execution of further malicious components.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0