Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1b4d2ed4079bf92b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f469897398c9e5cdbdbd4ea759f98d37
SHA-1: 96c68e1c003aee47d8de4b682b9d6c4fa6d475db
SHA-256: 1b4d2ed4079bf92ba95d4f797bf35b452d7bf3f5f7b2b1ded109e46dd1b96ae6
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, leveraging the malicious Excel file as an attachment to lure victims into execution. The dropper functionality implies it downloads and executes a secondary stage payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0