Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e1c5b13c8fbf1ba5…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e7209c7c84a7eada0a09bc452cab4f41
SHA-1: 8bf7c03394a376215913db3080b7fc32a8f37f31
SHA-256: e1c5b13c8fbf1ba5bdcc60d54e8189016ae0c2b284e90062130e3bc0b3de097b

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The presence of macro-related heuristics further supports its role in executing malicious code. This type of document is typically delivered via spearphishing attachments to trick users into enabling macros, which then download and run the final payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0