Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 78fc4495a917edb6…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4aa9f6ebb13da999cd61c87a43cffd3d
SHA-1: 7c4cb529e92466aaaea5fbd861ad3ad2417d54ae
SHA-256: 78fc4495a917edb63d39c7a8a5d04daa713e9dfef733c70c895e7d2883f9e20e
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening the malicious spreadsheet, which then likely executes embedded malicious code to download and install the Qbot payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0