Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 42569cac54b5b608…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 87f98b080638f9636e91da569559a841
SHA-1: c1e40e0e5690e767eca45812038b69729601810a
SHA-256: 42569cac54b5b608a5af0e243118932e819d3e048d07f95a83ad2e5dbd7e8c75
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1105 Ingress Tool Transfer

The file is an Excel macro-enabled spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute the embedded malicious code to download and run a secondary payload. This aligns with common Qbot distribution methods.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0