Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d1e13c4dd61ece79…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 06c58a6b49618784996e615cd7b52634
SHA-1: b409a4a1d1b46aa1f9f4e2426ca3f6ce0f777cb9
SHA-256: d1e13c4dd61ece79b7a2af73cb3be10c294f35da4b5996c3f7e22070ec51eaf4
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV detected the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a dropper for the Qbot banking trojan. Its packaging as an Excel document suggests it was likely delivered via spearphishing, with the aim of tricking users into enabling macros so that the malicious payload executes.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0