Qbot Office (OOXML) / .XLSX malware analysis — malicious · e6e98f809c07f4bb

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: dc1e6a084dcc9c1b4321d899dcb86f74 SHA-1: 4fa68d1358b8309ba1654ef313f8ab17898d63ec SHA-256: e6e98f809c07f4bbdfdb89f770e7fb5a68853c1ff351d15c3c9121d3d61339f2

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The ClamAV detection 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this Excel file acts as a dropper for the Qbot banking trojan. The file's purpose is to initiate a malicious download or execution chain upon opening. Further analysis would be required to identify specific IOCs related to the payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.