Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 55a1efe70ad644df…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 85a447bfda08c1a295685558134f0e62
SHA-1: c8c8121e7a9e3475dbcf6801158523cce77cc445
SHA-256: 55a1efe70ad644dfca822f6ef3c1bcca19e046c11ba02ef954ee2c3c5fb42420
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection signature suggests the Excel file is designed to execute malicious code, likely through macros, to download and install the Qbot malware. This is a common delivery method for Qbot.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 · critical · CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0