Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2a9ce67a31eee043…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f7190edbdf15ebc8e5cfc014fdcb21e9
SHA-1: 37747320ecbb4c0f64ab74107e393d3ee56ced53
SHA-256: 2a9ce67a31eee043a51d837dd62427c3519ac7ed9bb0d4bc97ba2b5527e7ecde
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a dropper for the Qbot banking trojan. The document's structure and the heuristic firing suggest it is designed to lure the user into enabling macros, which would then execute the malicious payload. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0