Qbot Office (OOXML) / .XLSX malware analysis — malicious · 379584a1965c40de

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: aa51b4ae9cb0488647138b52ce619f56 SHA-1: ed4259c1f39ea097a6aaec234bf47c545b6ef226 SHA-256: 379584a1965c40de8bac215845e8081ad7af0293da8b1b3a6645411d2c5346d2

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. Its nature as an Excel file suggests it likely uses macro execution or exploits to deliver its payload. The primary attack pattern involves tricking the user into opening the malicious document, leading to the execution of the secondary payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.