Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9b4a5781839d2ff4…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 56cc61c9140d46ecc8978f65599fa82d
SHA-1: c9667e907e59dc44d5270879ebb658bf3a48a2ac
SHA-256: 9b4a5781839d2ff48841c5b01b40539e200592bfcc2653aa10af4be7ed938bd2
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The document's structure and detection name suggest it is intended to exploit vulnerabilities or trick users into executing malicious code, likely leading to the download and installation of the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0