Qbot Office (OOXML) / .XLSX malware analysis — malicious · a0c2ffec00f7016e

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: b12e9df85d493a9efeee54e0bf35b384 SHA-1: 1d2c8e7ed6e680c55bea36982839cd539794f44d SHA-256: a0c2ffec00f7016e528eb613afeea5f7d60ebf82ace251743beb77948fb76731

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: User Execution of Malicious Code

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to trick users into enabling macros or otherwise executing the embedded payload. The dropper's purpose is to download and execute a secondary-stage Qbot component.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.