Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9dde5b97be94ca5d…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: eb8e7608a447c49cb974212cccc52d3b
SHA-1: 870013ba4d0544bafd9996f3b9233398218c1430
SHA-256: 9dde5b97be94ca5d73d0bc1821439c6fb7f857efcb03c989cb02153d7277d11f
60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV detects as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. Qbot is known for stealing financial information and facilitating further network compromise. The primary attack vector is likely social engineering within the document that tricks the user into enabling macros, which then execute the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0