Qbot Office (OOXML) / .XLSX malware analysis — malicious · 9408d411104885b4

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ebcb313e431653a69f5928c56e499c22 SHA-1: 631a839369e4e78c703ac32fcc4e0a8622fd5e80 SHA-256: 9408d411104885b435acd6ad037f3da1fcae809eef6790f7f02c642052f53ee6

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to initiate the infection chain. Further analysis would be required to determine the exact execution method of the secondary payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.