Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2cd451f22151b68e

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 82d09d4119541d59e313a67f303f4dc4 SHA-1: 3ed7211e3a60e40a073a4c042dfc9a7c211d93f4 SHA-256: 2cd451f22151b68e58217cd09385bebbbbc5d506ef5a6e3160a79dd9b13ae89e

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely uses social engineering or exploits to deliver its payload. Further analysis would be needed to confirm the exact delivery mechanism and payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.