Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 830382845a395baf…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 18512a9db03d97485cda7f6a7d708fb7
SHA-1: aa2a11014feb1cce159efa5b0c6223b017efd2eb
SHA-256: 830382845a395bafb80ff2385f066595f1161dc4e5518dc1feb81ab7e5a0ccbe
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File Execution: Malicious File

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious payload. The primary function is to download and execute secondary-stage malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0