Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 23b17f7a23f2d8d4…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: bc9aaf3cd1188ea849f738921d018d30
SHA-1: e4d1d08d69d0704d2d1455e8256e43b5b423284f
SHA-256: 23b17f7a23f2d8d4bd31c9f3db44225926a6131be62d78030bf68a62db584e73
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The file's nature as an Excel document suggests it was likely delivered via spearphishing, aiming to trick users into enabling macros to initiate the payload download and execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0