Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e1c0c6855fc128fb…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 546edd8c0449061c2ae2a71ab665f8b7
SHA-1: 99e9fdab0638882a9fb10a6774b55bdb9473b56c
SHA-256: e1c0c6855fc128fbdcf8c1800964a42c08cb2e2f976159a6f1028226c7f862ea
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as a Qbot dropper, which indicates it is intended to deliver the Qbot banking trojan. The heuristic that fired strongly suggests the file's purpose is to execute malicious code, likely through embedded macros, to download and run the Qbot payload. The file's structure and detection name point to a common Qbot distribution method.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0