Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 483a8b18d45230cd…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1823c38c2f8277f9da502e75bc98ddb2
SHA-1: f1db0a017325416264cb62a4a414cd06dbba6c93
SHA-256: 483a8b18d45230cd210c8d9b629d364071c71f2177f3dd8a142172fa523107b8
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The detection suggests the Excel file is designed to execute malicious code, likely leading to the download and installation of the Qbot banking trojan. Further analysis of the document's content and any embedded scripts would be necessary to confirm the exact delivery mechanism.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0