Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8a5cba64be2ae5fd…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d842cbc768bd866df7d347f322582e6d
SHA-1: afa5f7046996755007e661c662c1afc6833026e5
SHA-256: 8a5cba64be2ae5fda2be93e0617e76bf300036bc2572361a28ced135bcb1480b
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, with the malicious Excel document initiating the infection chain. No scripts were extracted, but the heuristic suggests payload execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0