Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 53815c1bb15c545c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5c48884dd10c53cc43844f4eb5b0c575
SHA-1: 35e95a9ca59539170f9c39a6a2c70d13b0c28338
SHA-256: 53815c1bb15c545cadc843f1409078b8d27edf1e5b4f912e8d7e38ceb7e36276
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests the primary attack pattern involves luring the user into opening the document and executing embedded malicious content, likely via macros, to download and run the Qbot payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0