Qbot Office (OOXML) / .XLSX malware analysis — malicious · 92d63ec510d65439

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 073e323b3e32f5cfbf718fba549049eb SHA-1: c2debf8577e3eb8efe29d778fc4bca1bfcc07636 SHA-256: 92d63ec510d6543934a69fed5df3eebcc86bca25ef9e5f2246983349c72e95f7

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: User Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it exploits macro-enabled Excel documents to deliver the initial stage of the Qbot infection chain. The primary attack pattern involves luring the user into opening the malicious Excel file and enabling macros, which then executes the payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.