Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8c18d8bce1e03ed3

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 6e48de62e955e1f125ba1ac8f2944f24 SHA-1: 4d9fd889b9df213d86750f3eb44eda2d86dcb925 SHA-256: 8c18d8bce1e03ed3d5b76211133d4add834617e87abec5bf4be7e2e99e7dc192

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. While no VBA or scripts were explicitly extracted, the heuristic firing suggests the presence of malicious code within the Excel document, likely designed to download and execute a secondary payload. The document's purpose is to lure the user into opening it, triggering the malicious execution chain.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.