Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9eaa7e8fc3618199…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ea0f17574d27ce12cbc0469f1028983c
SHA-1: 4223c3b0a369482f111597bb4b44b92abd28a02f
SHA-256: 9eaa7e8fc36181997a054438ae719946b30b7bc0892363aba048216db423c324
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a dropper for the Qbot banking trojan. The document's structure and the heuristics that fired suggest it is intended to lure the user into enabling macros, which would then execute the malicious payload. No document body or scripts were extracted, but the ClamAV signature is sufficient for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0