Qbot Office (OOXML) / .XLSX malware analysis — malicious · d5b974aae2c8e9f1

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 00c4bcaf86531cd7bd4b22768de5c4a2 SHA-1: b41c2f048cb5270c0f70d1e2611648d05c9ed5f1 SHA-256: d5b974aae2c8e9f1e9a355490e62c46348d3a073b5cea8bac1698a55b54b1469

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1204 Malicious File T1566 Phishing

The critical ClamAV heuristic firing, 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicates that this Excel file functions as a dropper for the Qbot banking trojan. The file's metadata shows it is an Office (OOXML) XLSX file, consistent with macro-enabled malicious documents. The SHA256 hash is included as a primary IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.