Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d0e67726c6c41f16…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 32b98092cd31ccc6d3797e5b574e1cc5
SHA-1: e6dc0f2bcab10fb596ed4a37f8e9c5859fc39886
SHA-256: d0e67726c6c41f168812b027e60d691b07a099aa4dc06759fbc5794b3afe9c47
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
  • T1204 Malicious Link
  • T1059 Command and Scripting Interpreter

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The document likely employs social engineering to trick the user into enabling macros, which would then initiate the download and execution of the malicious payload. No document body or scripts were extracted, limiting further analysis of the specific lure or execution method.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0