Qbot Office (OOXML) / .XLSX malware analysis — malicious · df680e0e20aa8d19

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: bc3e4737f481da1853fec8d511c9b27f SHA-1: 90c44554285bf60d2cf52db2798b0f35ecb87a39 SHA-256: df680e0e20aa8d1952c548d7dcbf5cea17f3c21e04dc442f4f8d687070c11c73

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely relies on social engineering or exploiting macro vulnerabilities to execute its payload. No further IOCs were extracted from this sample.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.