Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d64d45e95ab1f285…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 803a378e52684409e4564767991221f3
SHA-1: 40de09b99ec5b697a3b4bbe600f6a1af8e4b86a1
SHA-256: d64d45e95ab1f285c7d6da726ab7f8c5107ddf8456b4bb57125b81b80f813c40
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File Execution: Malicious File

The file is an Excel spreadsheet identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper for the Qbot banking trojan. The primary attack pattern involves luring the user into opening the malicious spreadsheet, which then executes the embedded payload. The SHA256 hash is provided as a key indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0