Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 402061155aed5650…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8b734c50697451ec3efab34aceedfb2f
SHA-1: 61c1e7fd3c120e7b6863e870d39012096fc2c715
SHA-256: 402061155aed5650a9bb0471a4dd80bb5981c51b3841dabae9f89c877f93fa59
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it exploits vulnerabilities within Excel documents to deliver its malicious payload. Further analysis of the document's content and any embedded scripts would be necessary to confirm the exact execution chain and identify specific IOCs.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0