Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a579a980536c645e…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ecae21d5744508c6ce35774115c8530e
SHA-1: 9e70b6767a41353a7ea1810015a49d01aa4bb37a
SHA-256: a579a980536c645e371acf6ac90e6b77672690729631e78732fba9668c056a94
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it functions as a dropper for the Qbot banking trojan. Macro-related heuristics are not explicitly detailed here, but they are typical for Qbot delivery via Office documents. The primary attack pattern is to lure the user into opening the document, which then executes malicious code to download and install the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0