Qbot Office (OOXML) / .XLSX malware analysis — malicious · cd8427f0f9a59ecf

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f6f90abc208c7604e7824a289e82d6bc SHA-1: f4fe84cb00b5e8ad6f729395eff3a78a93b63788 SHA-256: cd8427f0f9a59ecfce5541064b22bd8a599e2f2d9d5535741a174dd5d9368f0c

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The Excel format suggests a macro-based execution vector, common for Qbot delivery. Further analysis would be needed to confirm the specific execution chain and identify IOCs.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.