Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 816822e3cc624d77…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3b6c91cf304e10c282b9115011e4a47b
SHA-1: 9405afcc67bf197b181abf9709a8e62b27912794
SHA-256: 816822e3cc624d77e2295eeccecfd1af7968323077a887dc51f28c45c3bebf9b
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. This type of malware typically uses malicious Office documents to lure users into enabling macros, which then download and execute the main payload. The presence of the Qbot signature suggests a direct attempt to deliver this banking trojan.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0