Qbot Office (OOXML) / .XLSX malware analysis — malicious · d3a5325f3143f91b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 1433a1da65ae364a0958f031fd3ae1c9 SHA-1: f2a11ace6a28b9022e84344158bf34d57ba083d4 SHA-256: d3a5325f3143f91b13dc2f651d218044c6e24d3d6cd853ee8fb0f40f535d1233

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this Excel file is a dropper for the Qbot banking trojan. The file's metadata indicates it is an older Excel document, potentially leveraging an older exploit or social engineering tactic to deliver the malware. Further analysis would be needed to confirm the exact delivery mechanism and payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.