Qbot Office (OOXML) / .XLSX malware analysis — malicious · e0a5c972799e33de

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ede49128d7c26f48ef5eecede2e3bcc5 SHA-1: d8ee033bddee1d3aacca658dd62c034ee5e6ef48 SHA-256: e0a5c972799e33decb251c17a5cec6418363071969e46ad6a6c5777c54bd224a

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it is designed to execute a malicious document, likely by leveraging macros or exploits within the Excel file to download and run a secondary payload. Further analysis would be required to identify specific execution vectors or dropped files.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.