Qbot Office (OOXML) / .XLSX malware analysis — malicious · 207c686cd28ec4cb

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: eccfac52b7619410e054a3036c3402a8 SHA-1: ddbb4e1ac2f8af3047d6a84030aea71a9ea40947 SHA-256: 207c686cd28ec4cb0db06c36be9e63c0efe6c2b3f548f0017bf3fbb185187706

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it exploits vulnerabilities within Microsoft Excel to deliver its malicious payload. The primary attack pattern involves luring the user into opening a malicious Excel file, which then executes the embedded malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.