Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ffa80833e81b469d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ee2f51042eecc56b1ca6bc90fb7b0bf6
SHA-1: 280dc606efc07871252a41a34da909a845e83591
SHA-256: ffa80833e81b469de5e3c8b20a98122ca9bac6acbbfe4a3014c4c25125d8fa8b
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The detection name implies the document is intended to execute malicious code, likely via macro execution, to download and install further malware. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0