Qbot Office (OOXML) / .XLSX malware analysis — malicious · 25f04847483ae413

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0d464644af1bbfd1d8fccdf6e543e027 SHA-1: d9c83a8298c3ff2c6b2bb4b08a2134c06693c4d2 SHA-256: 25f04847483ae4132e0706353c41b5c6bbf02581b92408cac0661d24f75ceee2

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is an Excel spreadsheet identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening the malicious document, which then executes the embedded payload. The SHA256 hash is provided as a key indicator.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.