Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9c5da016631d499b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 074c926c99864766d2e4a67ce904b36e
SHA-1: eaa0b41e8047a2be0a6cb1a9f9a1a8ce1f123e05
SHA-256: 9c5da016631d499bb0704db700250d55c44202f4cf7d658077e360c4ba4c0167
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it functions as a dropper for the Qbot banking trojan. The detection implies the Excel file is designed to execute malicious code, likely to download and install further malware. The primary attack vector is a spearphishing attachment, leading to macro execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0