Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 cd82e5af25e38de7…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a1c26e4d605a31841286462195acd0e6
SHA-1: a1a6330b860e35ceb1417786d3ed78828414c852
SHA-256: cd82e5af25e38de7c06edf50ef73ba191446183b171708369ede818eb0a7e427
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a Qbot dropper. Malware of this type is typically used to download and execute additional malicious stages on an infected system. Its primary function is to serve as the initial infection vector for the Qbot banking trojan.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0