Qbot Office (OOXML) / .XLSX malware analysis — malicious · 268412ac2a861304

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 17e69276304693246b030c38f69ba59e SHA-1: 0e8d3e9daea35e9a173225bb14b2514e1dc43758 SHA-256: 268412ac2a861304b78c12fdb388258ce76c47c7131a250536e3b99575e36b5a

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves spearphishing attachments to deliver this malicious payload. Further analysis would be required to identify specific download URLs or execution methods.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.