Qbot Office (OOXML) / .XLSX malware analysis — malicious · 48e17925ec7a9e80

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 80c762dbeb8d59524956dab859127cfb SHA-1: 4c39e290783c4f0dc0272c3f4c30702ecebddb3a SHA-256: 48e17925ec7a9e8045cb3784ccff07bc1e2b7c73ac368de056b4e6260146c8ca

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it exploits vulnerabilities within Microsoft Excel to deliver its malicious payload. The primary attack pattern involves luring the user into opening the malicious Excel file, which then executes the embedded malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.