Qbot Office (OOXML) / .XLSX malware analysis — malicious · 94433a8f6ea7a67f

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 086acac4564588d305a5f69562afac07 SHA-1: a3d496f1f4d8b3d53fa12058440c2c0bbf3d7e74 SHA-256: 94433a8f6ea7a67f264f5c9d2d37b870312a153ea59092003a4065ea1f3bea02

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file is typically used to lure users into opening it and executing malicious code, often leading to the download and installation of the Qbot banking trojan.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.