Qbot Office (OOXML) / .XLSX malware analysis — malicious · a98b9cb03f394479

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7f5260a0418fe2600c7f0b44c6906c78 SHA-1: a03196fb8c51e30a8e44b65d893cbb7726d397fc SHA-256: a98b9cb03f394479da4df6f38cafd6d0bd1c248356cdc0b8374893f36b03b40e

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The detection name suggests it exploits vulnerabilities within Microsoft Excel to deliver its malicious payload. The primary attack vector is likely spearphishing, leveraging the document's macro capabilities to execute the secondary stage.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.