Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 27820549c353d968…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6e5103aa5371248b6c9a02b8a5f757ee
SHA-1: f072c2db077ca2cf877ff75b5eabd9465b98ae5c
SHA-256: 27820549c353d968b958d76608ff270884ae3e9d8f9330f614f27f23124642d0
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1105 Ingress Tool Transfer

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot banking trojan. The Excel format suggests it was likely delivered via spearphishing, aiming to trick the user into enabling macros to initiate the payload download and execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0