Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c5e211ac4f9e6fea…

MALICIOUS

Office (OOXML) / .XLSX

File size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 662343b03830c61c7ada75c0d524d91b
SHA-1: 0e4829b9482c3f24feb8cfba794a0a9420273c47
SHA-256: c5e211ac4f9e6fea3d35ef0df578d8c44ef125a0eb62fed5fdc9d75d0a4c289d
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot banking trojan. As an Excel document, it likely uses social engineering or exploits to execute malicious code, leading to the download and execution of further stages.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0