Qbot Office (OOXML) / .XLSX malware analysis — malicious · cbe8615d85386c0e

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 701f969da63ee5f1d7e5899d5c47dbe1 SHA-1: d8f442017e4e412ccaa27aad4ab03c478c0a405f SHA-256: cbe8615d85386c0e01f275d2e9721e5964199d832a44bd740a9d38d19ee5ad61

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves tricking the user into opening the malicious Excel file, which then executes the embedded malicious code to download and run a further stage payload. The specific exploit or delivery mechanism is not detailed in the provided heuristics.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.