Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8d9f0f905c8c13da

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7c88a6a9852b7dbb15efbe2e29a026b1 SHA-1: 362ab4de2340b04332838c46324092326df2b2d7 SHA-256: 8d9f0f905c8c13da0f30ec2280ce46a9cd99c7552388c1e110e724736277a3a2

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file is typically used to lure users into opening it and executing malicious code, leading to the download and installation of the Qbot banking trojan.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.