Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ce7a0c16b818680b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f92ceb68c2ef4d1e4df0f8b25b3f14ef
SHA-1: 486050f042044b5fa458a78e36b0e22829cd59a8
SHA-256: ce7a0c16b818680bb9532cfa05c03e1238ebe61ab69d53693d5d2ce893b2fc98
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV signature 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this Excel file functions as a dropper for the Qbot banking trojan. The file's metadata indicates it is an older Excel document, potentially leveraging an older exploit or social engineering tactic to deliver its payload. Further analysis would be required to determine the exact execution method.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0