Qbot Office (OOXML) / .XLSX malware analysis — malicious · d5d65f5f5f87abec

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 586902ca5ed9c0184bd6bc2033b9be94 SHA-1: 74ab2bf53e5953a5f65637689b1135a99a41e313 SHA-256: d5d65f5f5f87abec7db4076a3e88dac0432894caec39e568afe7569ea9d6a548

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot banking trojan. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install further stages of the Qbot malware. This aligns with common Qbot distribution methods.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.