Qbot Office (OOXML) / .XLSX malware analysis — malicious · 4d1962120577b0e3

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 787abf091741cc46d6be2ba0f2aa1a20 SHA-1: 5b5b989fac3f1a90cdbbd7386123621affc54eae SHA-256: 4d1962120577b0e3c3c232f9f4957d634834e9d3a68cec883eb4253571f601a3

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening the malicious spreadsheet, which then executes the embedded payload. Further analysis of the payload's behavior would be required to detail specific execution techniques.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.