Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2ab7b6d56a53dd27

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 2e0cf94da3f9f9aa8a51cd7d2ce51cd4 SHA-1: cba15a9bbc1a05d9fd807df5fcfbc58a8aa43b5c SHA-256: 2ab7b6d56a53dd27b5ee12259847047366268bc441835e3b8a1f98180bffd16b

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it exploits vulnerabilities within Microsoft Excel to deliver its payload. The primary attack vector is likely spearphishing, leading the user to open the malicious spreadsheet.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.