Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 f032baddbe1b7ee6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: da07e0383b7d9c54e66507400b11f744
SHA-1: ea85da3b7bce2e1687c5a29465de404143b32b58
SHA-256: f032baddbe1b7ee64dc6cbc71c8eb3ff18c1582f82078e51da85dd9c0c57fb3b
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot banking trojan. The detection suggests the Excel file is designed to execute malicious code, likely through macro execution, to download and install further stages of the Qbot malware. The high confidence is based on the specific ClamAV detection name.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0