Qbot Office (OOXML) / .XLSX malware analysis — malicious · bcaebe8598145917

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: d7938517608f47aee00e5f89ae516641 SHA-1: dc9b938b2e02eca6194b71fe4701484a7895933b SHA-256: bcaebe85981459176a9a9b4a90960f3b715b614d230c4a584cec5e0b19022dff

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The malicious nature is further indicated by its classification as a critical heuristic firing. The primary attack vector is likely a phishing email attachment, leading to the execution of a secondary payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.