Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4a54f4484ce1d69e…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2abd4a16c025daf22297bfbe19d56af3
SHA-1: e011f1eeb84a759c9a53dd1c680b10cf91b3931c
SHA-256: 4a54f4484ce1d69efc263e4cbedeb8e4583b61f8468ec1c463b8df4ca7f06422
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The document likely exploits social engineering to trick users into enabling macros, which would then execute malicious code to download and run further stages of the infection. The presence of Qbot indicators points towards a phishing or spearphishing attachment attack vector.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0