Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8ffee7d34896f3f4…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9e3bc06340ff34aebb9b6ecc3967c659
SHA-1: f57a14903dedf4ffd6bb0722c6d12e690e1dda29
SHA-256: 8ffee7d34896f3f46c7d7365a6708950a5008361464f13552663bacd8c691dcf
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to initiate the infection chain. The dropper's purpose is to download and execute a secondary, more potent payload.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0