Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8d8ff5f0380d61ab

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 741a8c461b100e7a0a557df1c399ba86 SHA-1: 8d251b75418fdb2ef794d2206e392a8ae84c8aff SHA-256: 8d8ff5f0380d61ab3ee6c637c93679e476144dbd2ac218467d0a5e515810b3dc

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. As an Excel file, it likely uses macro execution to download and run the secondary payload. The primary attack pattern involves luring the user into opening the malicious attachment and enabling macros.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.