Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b5226e1006ed0164…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 72d924f88c4f4a6ac9244b5afef024d8
SHA-1: 961862b7156f23a3ec05946c8462226a4ddcf3f6
SHA-256: b5226e1006ed0164c97d1171f43168f303697ddd6a8664f68ae2f9970e77946e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. The document's purpose is to exploit vulnerabilities or trick users into executing malicious code, leading to the download and installation of the Qbot malware. Further analysis of the document's content and any embedded scripts would be necessary to confirm the exact delivery mechanism.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0