Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 956ed791e2cb96d5…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f9c668cf5471e7b1fa8691def56a70c0
SHA-1: e12912940bcab09ffb850df1d1771085f83b9bbc
SHA-256: 956ed791e2cb96d57bb522a5894d00186327bbf617f62c94712eebb3cd8625d7
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV detection 'Xls.Dropper.QbotDocu12020-9818439-0' strongly indicates that this Excel file is a Qbot dropper. Qbot is known for downloading and executing further malicious payloads, often with banking trojan functionality. Because the file is an Excel document, it was likely delivered as a spearphishing attachment.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0