Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a115a838f86d2e30…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7a5b305ed0f927ca12c2d28ef45936ef
SHA-1: 84e3622dfee5a3811d3dc0b180a2711cdea31742
SHA-256: a115a838f86d2e30e3ba8fb2179ab39e4a8024b42f2b3d3fe731398fc7b650af
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The Excel format and the dropper behavior suggest it is delivered via spearphishing, likely prompting the user to enable macros to execute the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0