Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8eb8a362d231b4cd

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 8d41296bf3e7c070bafd597b95bb4d2d SHA-1: c2e29fad61bc6f3c6a141c8200df73c5968b4df9 SHA-256: 8eb8a362d231b4cda511418ef4f6719c75b9b0a0a47efee873c291d07eac41f8

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves delivering this malicious document via spearphishing to trick users into opening it, likely leading to the execution of the Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.