Qbot Office (OOXML) / .XLSX malware analysis — malicious · 35a73dfaf06753ae

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 154575a680382d11658a1c8c6e9a687d SHA-1: 0a31e90c868c15c9d84ca9cb88c3122b0b2f7647 SHA-256: 35a73dfaf06753aee1ed12c34e677a212067c692e7cd0a97e007146df42f05a1

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The file's nature as an Excel document suggests it was likely delivered via spearphishing, aiming to trick the user into enabling macros to execute the malicious payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.