Qbot Office (OOXML) / .XLSX malware analysis — malicious · 28824049643aa1a2

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 6e77e7b67ad7e6a0ee5c7b94fc51149d SHA-1: 7b6bfc500ad63b3a5d58d82b72cf22b6e97c39de SHA-256: 28824049643aa1a271363d6e70538b370694ea36f25b7b4a90be429f4e7e002a

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it exploits vulnerabilities within Excel documents to deliver its payload. The primary attack pattern involves tricking users into opening a malicious Excel file that then executes the malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.