Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ff75906f3b46ffb2…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 357f3443fd1edb144856153780cd3dd5
SHA-1: 100307620381b28d296f9f1f78a19e534815d4f0
SHA-256: ff75906f3b46ffb2865c24ca848e04a0fa6e72b5295de4510eac5ae9a07fd551
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The OOXML format suggests it likely contains malicious macros to initiate the infection chain, consistent with Qbot's typical delivery methods. The primary function is to download and execute a secondary stage payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0